I Wish Reporters Knew Something About Engineering

Actually that is one of a very long list of things that I wish reporters knew about.

I would like to have some real information about what happened to the Southwest Airlines Boeing 737, aside from the 2 words, “metal fatigue,” in relation to a fan blade. But most stories don’t even mention the First Officer of Flight 1380 by name – his name is Darren Ellisor. The Captain on the flight was Captain Tammie Jo Shults, but you probably already knew that.

I want to say that high-bypass turbofan blades are replaced regularly, but I’m actually not sure if that is true, or how it is handled for a CFM engine. I do know that on at least some engines the blades are replaced during an engine overhaul. (I don’t remember if the fan blades are replaced or if only compressor and/or turbine blades are replaced.) Overhauls happen regularly according to FAA-dictated schedules, or if problems are discovered.

Tam has an interesting take on the fact that most people are oblivious to the dangers that surround them in everyday life. Forget about the dangers involved in sealing yourself in an aluminum can, and traveling at an altitude of 30,000 feet or so, at several hundred miles per hour. I suppose that oblivion has something to do with why everyone wants to “feel safe.” (As opposed to them actually being safe.)

Here is a short video on the CFM56 engine. The engine that caused the problems on Southwest 1380 was a CFM56-7B. It isn’t great, and it leaves out some of the more interesting facts, but it is only 3 minutes long. There are some good videos out there, but they tend to be long, and the short videos tend to be ads. This is a CFM video about CFM engines, but it is remarkably free of advertising insanity. There are some interesting videos on the testing done on an engine before it is certified – bird strike tests, etc. They are easy to find.


Robotic Astronomy to Hunt for Asteroids

It is an interesting idea: Robotic observatories. The Silicon Graybeard: Where (This) Man Has Never Gone Before

Ultrascope from the Open Space Agency is an open source, small reflecting telescope, designed to be put together with a minimal amount of specialized knowledge, but assuming the builder has a 3D printer available and access to other “modern tech”, like smart phones and a good internet connection.

And from the Ultrascope description:

[From the Ultrascope link] Ultrascope is a global citizen science initiative developed to radically reduce the cost of contributing to real science by enabling DIY engineers and amateur astronomers to perform useful measurements; specifically lightcurve photometry, which generates useful data for a number of scientific applications, including planet finding and asteroid hunting.

The only downside is that they are “currently” using a Windows smartphone as the control unit. Over 4G LTE. But they have licensed it under CERN’s license structure so others can (and probably will) expand on it.

Silicon Graybeard is a man of many talents it would seem. More info at Open Space Agency.

You Get Hacked. Why Wait a Month to Notify People?

This hack hit Sears, Delta and Best Buy through a subcontractor they all use. The breach hit in October, 2017. They were “informed” last month. So why wait a month to tell people? (Give the execs time to sell stock? That’s the cynic in me.) Best Buy says it was hit by same data breach as Sears and Delta

Best Buy said on Friday that some of its customers’ credit card information may have been compromised in a data breach that also hit Sears and Delta Air Lines.

The breach at a 3rd party company – [24]7.ai – that supports chat, occurred between late September and mid October of last year. That 3rd party waited until last month to inform their customers and they have waited until this month to inform their customers. And it looks like Best Buy only came clean because Sears and Delta went public yesterday. (So how long would they have waited?)

So I understand that shit happens. But why does everyone wait and wait and wait to tell the public? At this point in the 21st Century you should have a PR plan in place for when you get hacked. That should be in place now. You should be able to alert the public the day you have the breach closed. But the corporate “cover-your-ass” culture seems too ingrained for that. In at least 1 instance (memory fails me, but I would bet on Equifax, though that may just be because that breach still pisses me off) the execs sold shares before they announced the hack. (And before the stock fell.)

So tell me, is there ANY company in the world that can be trusted with customer data?

Tech News Roundup. Tesla, Hacking 911, Another Data Breach

There is too much insanity for individual posts….

First we have Tesla. Someone conducted a very unscientific test, but was able to reproduce some of the behavior reported prior to the latest crash.

They want you to believe it was the driver, or a broken part. I think the real reason is that auto-driving cars are not quite ready for prime time. Video shows Tesla Model S Autopilot veering towards barrier where fatal crash occurred – SlashGear

Unfortunately the part that seems to be broken in this video is the autopilot. Not a scientific test, but with 2 data points that line up….

Will be interesting to see if anyone else does something similar.

This is an easy prediction: Attacks on cities and on 911 infrastructure will continue for the foreseeable future.

Cities remain a tempting target for hackers. Cities continue to be vulnerable. (They love to put stuff on the intertubes, but they don’t love to pay for security.) Hackers have taken down dozens of 911 centers. Why is it so hard to stop them?

There have been 184 attacks on cities in the past 2 years.

911 centers have been directly or indirectly attacked in 42 of the 184 cases on SecuLore’s list, the company says. Two dozen involved ransomware attacks, in which hackers use a virus to remotely seize control of a computer system and hold it hostage for payment.

It doesn’t say how many of those attacks were WannaCry, or one of the variants patched by Microsoft last year, but I think it is probably fair to say that at least some of those attacks were the result of city managers ignoring pleas from their IT staff to upgrade old systems. Some of them are denial of service, and some of them, like the hack of Atlanta, are newer problems.

As long as managers and people responsible for paying the bills don’t think security is important, we will have more attacks on 911 centers, more retailers will have their systems hacked, and more people who want to buy something or schedule a vacation or get help in an emergency will pay the price.

And finally, the latest retailer to prove that they shouldn’t be trusted with your credit card (or other) information is Panera.


Yet Another Data Breach at a Retailer

This is getting to be too frequent an occurrence. Saks, Lord & Taylor Hit With Data Breach – WSJ

Saks Fifth Avenue and Lord & Taylor had their credit card system hacked.

Hackers claim they have five million credit card and debit card numbers from the stores and have been releasing them for sale on the “dark web,” a network of websites used by hackers and others to anonymously share information, according to Gemini Advisory LLC, a New York-based cybersecurity firm. The hackers began stealing the card numbers in May 2017, the firm estimates.

They aren’t even the only company this week.

On Friday, Under Armour Inc. disclosed that someone illegally accessed data from its MyFitnessPal fitness-tracking app in late February, affecting some 150 million users. Personal data such as emails, usernames and passwords were exposed, but credit-card information and driver’s license numbers weren’t compromised, the athletic-wear company said.

So why is there always so much time between incident and disclosure?

Atlanta Hit By Cyber Attack

Another city gets hacked. With paper and phones, Atlanta struggles to recover from cyber attack

Atlanta’s top officials holed up in their offices on Saturday as they worked to restore critical systems knocked out by a nine-day-old cyber attack that plunged the Southeastern U.S. metropolis into technological chaos and forced some city workers to revert to paper.

More cities get targeted because they are tempting targets to people who want to make a name, and they are not taking security seriously. Or at least not putting the money into security.

The attack is by the SamSam virus. It is slightly more sophisticated than WannaCry.

First identified in 2015, SamSam’s advantages are conceptual as well as technical, and hackers make hundreds of thousands, even millions of dollars a year by launching SamSam attacks. Unlike many ransomware variants that spread through phishing or online scams and require an individual to inadvertently run a malicious program on a PC (which can then start a chain reaction across a network), SamSam infiltrates by exploiting vulnerabilities or guessing weak passwords in a target’s public-facing systems, and then uses mechanisms like the popular Mimikatz password discovery tool to start to gain control of a network.

In this day of readily available password managers that will generate as complex a password as the system can handle, there is NO reason that a public-facing system should have “weak passwords.” Though it is a little more complicated than that. The way people administer groups of employees is, in all too many cases, flawed. (Problems with Windows don’t help.) And if anything is immune to change, it is a bureaucrat in a .gov department who can’t be bothered about those stupid folks in IT who have NO IDEA what they do to run the city.

Google is Finding New Ways to Screw with the Right. Or at Least with Me

I used to get a fair percentage of my monthly visitors to this blog, through web searches on “357 stopping power.” Early on, I got so many visitors looking for that information that I added the page they were looking for. 357 Magnum Ballistic Information. (OK, it isn’t the greatest.)

But lately, since Google/Alphabet along with Facebook and Twitter started their collective war against anyone they disagree with, those people are no longer getting sent to my site.

I’m sure they are finding what they need, but the information isn’t tied to a site that has information on the political insanity of the Left, a collection of posts on how guns are used every week in lawful self-defense, and random attacks on the idea of socialized medicine.

In a world where bakers are compelled to bake cakes they feel violate their religious convictions, why do the internet companies get to discriminate against political opinions they don’t like?