Technorama
An omnibus of tech posts by a Futurologist on
software development primarily.
Thursday, 26 March 2015
Bolted airline cockpit doors considered harmful
I've been thinking about this since MH370, and it's happened again today. A real tragedy that the airline industry does not have a robust crew safety and security policy.
Cockpit crew protocol for airliners and other craft.
After 11 Sept, 2001, bolts were introduced on inside of airline cockpit doors. These bolts can only be engaged by crew inside the cockpit. This prevents unauthorised entry to the cockpit by persons from the passenger areas of aircraft.
During flight, when each pilot is on a meal or toilet break the cabin crew are radioed, and they put on the SEATED light. Only when everyone is seated, and cabin crew are observing the vestibule and gangways, does the cockpit crew unlock the bolts. As soon as possible, the door is shut and bolted again.
The gap in this procedure is that crew are implicitly completely trusted and considered 100% healthy. As was the case with the Egypt Air crash (pilot suicide) and potentially MH370, either the main or co-pilot bolted the door while the other pilot was outside the cockpit. In this eventuality there is no way for any of the cabin crew or locked-out pilot to intervene.
Any illness (e.g. heart attack) would leave a pilot alone, in need of medical care, inside a bolted cockpit.
Likewise any disagreement between pilots or other problem would be a risk.
Proposal for updated protocol
During any time where both pilots are not together in the cockpit, before either leaves the cockpit, they must be joined by another member of male crew (if the remaining person is male), or female crew (if the remaining person is female). This would leave an even balance of power within the cockpit while the other pilot is outside the cockpit.
This change would eliminate some opportunity for problems should a pilot become unwell while alone in the cockpit.
Additional communications
There must be an independent, battery backed up radio communication set, that the crew have complete control of (in the galley, in rear of the plane).
GPS beacon and transponder must not be possible to switch off.
GPS backup emergency beacon located in galley for emergency crew to use.
Emergency satellite phone for use by crew in the galley.
Oxygen tanks containing 12 hours of oxygen for use by the crew.
Oxygen tanks in the cockpit containing 12 hours of oxygen for use by the crew.
Diagnostics about the plane from black-boxes must be streamed and uploaded to satellites constantly.
Every part of the plane interior, cockpit and exterior covered by HD cameras, that are recorded on the black box
Regarding the bolts
Could consider changing to a combination lock, with emergency override after communication with ground control using a backup emergency radio set.
Regarding ground control
Consider if it would be appropriate to have a way for ground control to override the pilot controls, and direct the auto-pilot to nearest airport to land. This is somewhat risky, as could be subverted by internet crackers if the control channel was acquired.
I wonder if this pilot was fascinated by MH370's disappearance.
http://www.bbc.com/news/world-europe-32063587
Finally, crew and pilots on vulnerable transport such as planes should, like the military, have their medical records shared with the airline, with instantaneous updates on any prescriptions or treatments etc
Wednesday, 25 March 2015
National Rail app full of defects
Time is displayed word wrapped over two lines.
Replacement bus services are displayed for journeys that you are not on.
There's no way to check arrival time of a train I am travelling on.
Monday, 23 March 2015
Software retry
I've noticed that most developers don't put a retry function in software. What do I mean by this? Well, we use mobile devices and WiFi where connectivity is not constant. For the user experience, what should an app do to compensate for the following?
* first attempt at sending email fails
* meetup RSVP fails first attempt
* app download fails first time.
* WiFi connection is lost while router restarts
Most software just gives up with strange error messages. The Gmail app is good in that it retries for a few minutes.
It's easy to do retry... So developers, please take more care and implement a retry mechanism.
Sunday, 22 March 2015
Risky internet of things
Internet of things
We're not ready, everything is often insecure, full of defects, and doesn't automatically update when fixes for new flaws are rolled out.
How many devices still have old BASH? Or use SSL 3.0? Or old OpenSSL? My LG TV now crashes while changing channel (I did the firmware update it suggested). LG TVs want to do a firmware update and re-tune around twice a month.
Products need 30 year software updates.
Software is usually only ever run under good conditions: 1) known, expected inputs; 2) expected available memory, files and connections. Software is not tested with 3) bad inputs, 4) missing files, memory or network connections.
Commercial companies take open-source products like OpenSSL that are maintained by hobbyists, and put them in enterprise commercial grade products. Actually they are simply not ready. Most probably have not had static code analysis, a code audit, a security audit, or test cases (including exploit vulnerability test cases) developed to confirm they are safe. Without these reports there isn't confidence!
Open source presents a huge opportunity for a company to step up, audit, and offer patches to introduce hardened features from the results of static analysis, CERT compliance etc.
UTF8 Considered Harmful
UTF8 is a cute way of storing compact international language files. If they are Latin based, they will be small. It utilises a variable length byte encoding for each real uncompressed character: 1, 2, 3 or 4 bytes large.
The problem is that software which needs to use the uncompressed character, if you, say, want to insert an 'A' character, must decode them all, and must read the memory of every byte to know how much memory to allocate. Either you read the whole string once to determine the number of characters (and bytes) or you have some kind of buffered interface container abstracted behind it. Alternatively, you do UTF8 -> UTF32 and then process in that way.
How to handle the problem where there is not space to copy all 4 bytes? Software needs to carefully work back and NUL terminate before that last 2, 3 or 4 byte encoded character.
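The "work back and NUL terminate" step described above, as an added example (not code from the original post). The function names `utf8_seq_len` and `utf8_copy_trunc` are made up for illustration, and the sample string in `main` is constructed:

```c
#include <stdio.h>
#include <string.h>

/* Bytes in the UTF-8 sequence that starts with lead byte b; 0 if b is a
 * continuation byte (10xxxxxx) or not a valid lead byte. */
static size_t utf8_seq_len(unsigned char b)
{
    if (b < 0x80)           return 1;   /* 0xxxxxxx, ASCII */
    if ((b & 0xE0) == 0xC0) return 2;   /* 110xxxxx */
    if ((b & 0xF0) == 0xE0) return 3;   /* 1110xxxx */
    if ((b & 0xF8) == 0xF0) return 4;   /* 11110xxx */
    return 0;
}

/* Copy src into dst (dstsize bytes including the NUL), truncating only on a
 * character boundary. Returns the bytes written, not counting the NUL.
 * Only the cut point is inspected; this is not a full UTF-8 validator. */
size_t utf8_copy_trunc(char *dst, size_t dstsize, const char *src)
{
    const unsigned char *s = (const unsigned char *)src;
    size_t n = strlen(src);

    if (dstsize == 0)
        return 0;                       /* no room even for the NUL */
    if (n > dstsize - 1) {
        size_t i = n = dstsize - 1;     /* hard byte limit */
        while (i > 0 && (s[i - 1] & 0xC0) == 0x80)
            i--;                        /* work back over continuation bytes */
        if (i == 0) {
            n = 0;                      /* nothing but continuation bytes */
        } else {
            size_t need = utf8_seq_len(s[i - 1]);   /* s[i-1] is the lead */
            size_t have = n - (i - 1);
            /* Drop the last character if it is cut short or has a bad lead;
             * otherwise end right after it. */
            n = (need == 0 || have < need) ? i - 1 : i - 1 + need;
        }
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char buf[5];                        /* constructed sample: 'a' + U+1D11E */
    size_t n = utf8_copy_trunc(buf, sizeof buf, "a\xF0\x9D\x84\x9E");
    printf("%zu bytes kept: \"%s\"\n", n, buf);
    return 0;
}
```

With a 5-byte buffer the 4-byte G-clef does not fit after the 'a', so the copy stops after one byte instead of leaving a partial sequence in the buffer.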
For simplicity, I would favour UTF32LE, and then just compress the stream using gzip etc if network bandwidth is an issue. This would allow software to always operate on UTF32
UTF16 is slightly simpler than UTF8, but of course, UTF16 is also a variable length format, also requiring surrogate pairs (e.g. Musical symbol G-clef). Of course, UTF16 and UTF32 are then either Little Endian, or Big Endian, that should be
Are the memory savings worth the complexity and CPU performance needed to manage them?
However, life is simpler now we have one encoding. http://utf8everywhere.org/
Although a lot of Windows webservers still serve UTF8 files incorrectly as Windows 1251 encoding.
Microsoft APIs are botched: they have UTF16 versions and Latin versions. Writing Unicode apps on Windows is a frustration.
Lax security costs consumers
I've just received a letter from my credit card provider. They are going to issue me a new card and CCV because they received a notification from Mastercard or VISA. The notification from Mastercard or VISA only provided the account number, not what actually happened in the incident.
Possibly this is related to HomeDepot tills which were cracked and had malware installed that logged card details.
The cost to me is that I need to go through all my online payments, and add a new card. In some cases I need to wait for the test transaction that confirms this is my card. For the ones that I don't update, I will get notifications of failed payments, perhaps even on my credit record that I did not make the payment. This is a disappointment, as it is not my fault.
This incident will cost me around £100 of my time. Who is going to reimburse me?
Who is at fault?
* Interconnected services such as checkout tills which distil and enrich massive quantities of personal account details into a single point of failure.
* The manufacturer of the checkout tills which were not developed correctly (software security, physical security).
* Staff training (physical security)
* Management oversight, human error.
* External software and hardware quality audit.
* HomeDepot incident response team.
* The crackers who actually exploit these loopholes in security.
Conclusions:
* While there is poverty and lack of education in the world, there will always be crackers and scammers.
* Interconnected services may save money upfront; however, when done poorly, and not constantly and carefully managed, they will cost each credit card user £100 when their cards need to be re-issued.
* Using cash is also risky, can still be mugged.
Actions:
* VISA and Mastercard should claim back £100 per card number from every vendor that has a security breach and pass that on to the consumers affected.
* Consumers - remember to scrub off your CCV, and memorise it. Mastercard and VISA should stop printing it on the back of the card in the first place!
Ref
In Aviation and Automotive we have strict ISO Functional Safety and Quality standards. Why does commerce not have the same?
Defective software report button
Need an easy way to report defects
Every website or app should have defect report button
Leverage the user input.. :)
Website or app developers can then upstream any bug reports that are due to library or other issues.
Enfranchise users.
Saturday, 14 March 2015
Dealing with issues
I've written this after recent correspondence with the NHS.
Within a large organisation you'll get a lot of correspondence coming in to your response centre. It's important to have an efficient procedure for managing such correspondence. Staff must be trained. Supervisors must make spot checks. Of course there should be a complaints department too.
Eg.
1. Email received.
2. Staff process it; if they can give a clear response, they do so. Also offer to look again if there are any further queries.
3. Staff don't know the answer, but know the team that does. Either provide full contact details: name, address, phone number, email. Or, even better, provide these and email them with the reporter on CC.
4. Don't know the answer. Escalate to line manager. Inform reporter.
5. Reporter not satisfied with response. Offer them the complaint handling guide. Explain how they can open a complaint.
6. Complaint opened. Provide complaint ref and handler name.
7. Investigate complaint
8. Offer training to staff if 5 is genuine.
Wednesday, 11 March 2015
Dangerous Chiltern Railways
Observations of problems at Chiltern operated London Marylebone. This is my opinion based on having doors closed on me and seeing others suffer the same - as a health and safety issue.
Passengers get train doors closed on them because trains are observed departing early.
The 08:48 service typically leaves from platform 5. This is a two-minute fast walk from the display board. The display shows until 08:46, and is then taken off. Sadly dispatch crew signal the driver to close doors at 08:47.30. This leaves bewildered passengers on the platform and/or having the doors closed on them while the staff wave the train out one minute early.
Here's a novel idea, what Chiltern should do is advertise the time the doors will close if that is 08:47, that should be the time published on the board. Not the time it is already driving out the station 08:48.
Spoke to London Travel Watch, they didn't appear to understand the problems or want to get involved. I'm unclear if they have done anything. Disappointing response.
Other problems:
The automatic ticket machines are frequently broken. Staff at the customer service centre (including the station manager) seem completely resigned to the problems. Chiltern should have signed an adequate service commitment with the provider.
11 March 2015: three of the four ATMs are out of order. Chiltern should have signed an adequate service commitment agreement with the ATM providers. This mistake costs passengers lots of queuing time.
Chiltern, can you up your game? Support your staff in the station with the tools to give great customer service and satisfaction levels.