Friday, December 21, 2012

Did the world just end?

I am composing this message on August 11th, 2012, and have set it to be auto-posted on December 21st, 2012 at 11:11 EST.

5125 years before August 11th, 2012, on August 11, 3114 BC, the first cycle of the Mayan Long Count Calendar started ticking. The 12th cycle of the 144,000 day Long Count just completed at December 21st, 2012 at 11:11 AM EST (the moment this should have appeared if the world did not end).

What do you think will happen when Earth lines up with the Center of the Galaxy today, an event that happens every 25,920 years (360 degrees times 72 years)? No, leap years have nothing to do with any of this; the Mayan Calendar is based on star positions...

Did the world end, and you are the only one left to read this? Does the Internet still exist? Did the New Madrid Seismic Zone cut the US in half in October with a 7.7 or greater magnitude quake? Was there a new Carrington Event? Did the Dollar Die? Was there a good October Surprise? Was there a presidential election?

Hopefully none of those events happened. If the world has ended then let us hope that the 4th Age of Mankind has ended and the new 5th age is one of a new consciousness...

How are you spending your End of the World day today?

Sunday, December 16, 2012

Tricorder gets a step closer with the iTube food allergy tester

The Star Trek Tricorder inches closer to reality. Lab on a Chip journal recently published an article, A personalized food allergen testing platform on a cellphone, dubbed the iTube (Are you getting to hate these meaningless 'i's as I am?).

Abstract: We demonstrate a personalized food allergen testing platform, termed iTube, running on a cellphone that images and automatically analyses colorimetric assays performed in test tubes toward sensitive and specific detection of allergens in food samples. This cost-effective and compact iTube attachment, weighing approximately 40 grams, is mechanically installed on the existing camera unit of a cellphone where the test and control tubes are inserted from the side and are vertically illuminated by two separate light-emitting-diodes. The illumination light is then absorbed by the allergen assay that is activated within the tubes, causing an intensity change in the acquired images by the cellphone camera. These transmission images of the sample and control tubes are digitally processed within 1 sec using a smart application running on the same cellphone for detection and quantification of allergen contamination in food products. We evaluated the performance of this cellphone based iTube platform using different types of commercially available cookies, where the existence of peanuts was accurately quantified. This automated and cost-effective personalized food allergen testing tool running on cellphones can also permit uploading of test results to secure servers to create personal and/or public spatio-temporal allergen maps, which can especially be useful for public health in various settings.
Other details may be found at: Got food allergies? Thanks to UCLA, you can test your meal on the spot using a cell phone and the Lab on a Chip blog. The Tricorder gave immediate results, with the iTube we must wait twenty minutes. Yes there is an App. for that...

What does a new politician have to do?

We all know from watching the news that to be a politician at least one of the Seven Deadly Sins of Mankind must be the driving force in the politician's life.

Maybe you don't like how the recent election turned out, continuing the Status Quo, and had a fleeting thought of becoming a politician that could actually do the Will of the People. What does it take to become a new politician beyond money? Did you know there is actually a book about this?

Setting Course A Congressional Management Guide by the Congressional Management Foundation, and the New Member Resource Center: Helping Members-Elect Successfully Transition to Congress. There is also the Members' Handbook put together with your tax dollars.

Just remember if you have any ethics you need not apply. After all who else gets 67 days of paid vacation a year, and does not have to do their job (pass a budget) and still get paid, and get to vote to raise...

A Principles and Practices Exam Specification to Support Software Engineering Licensure in the United States of America

The first quarter 2013, Volume 15 Issue 1, issue of Software Quality Professional from the American Society for Quality has a couple of articles on the state mandated licensing of software engineers, that I have been chronicling.

A Principles and Practices Exam Specification to Support Software Engineering Licensure in the United States of America (PDF, 142 KB) by Phillip Laplante, Beth Kalinowski, and Mitchell Thornton, along with some Supplementary Material (PDF, 483 KB).
Software Quality Professional has published many open access articles over the years. Alas, these are not among them; you must be an ASQ member to read them. This only serves to reinforce my view that this whole licensing issue is all about making money for those that sell training material.
Summary: In April 2013 several states in the United States will require licensure for certain individuals who are involved in the creation of software that can affect the health, safety, and welfare of the public. It is expected that eventually, all states and jurisdictions in the United States will require such licensure. Each state has different licensure criteria, but all include certain educational and experiential requirements, passing two tests, with one being a common test of engineering fundamentals, and the other a test of minimal competency in relevant areas of software engineering knowledge and practice. While the common test of engineering fundamentals exists, the software engineering examination does not. In order to develop this examination, the authors conducted a study using a multimethod approach in identifying the professional activities and knowledge/skills that are important to the competent performance of software engineers who serve the public. In this article the authors describe the study, the results, and the test specification that was derived. Demographic information for the survey respondents is also presented.

I'll summarize some of the highlights. The article opens by telling us that many engineers are exempted from licensure such as industrial or government entities. This reinforces what I said in my first article, this is about killing off the independent contractors and those with no formal degrees (Maryland does have a non-degree path to licensing, and other states will recognize Maryland's license). Also the information that I have gathered and posted about what each state is doing is up to date, where the cited material in the article is from 2010.
Most of the article is about the statistics and sampling methods used to come up with the areas for the test, based on the format of The Standards for Educational and Psychological Testing, which produced these main categories:
  1. Requirements
  2. Design
  3. Construction
  4. Testing
  5. Maintenance
  6. Configuration management
  7. Engineering processes
  8. Quality assurance
  9. Safety, security, and privacy
Those categories were deemed the most important of those surveyed from IEEE-CS and IEEE USA, of which only 323 people participated. Apparently few to none of those returning the survey are doing firmware or Embedded Systems. We need to have more representation in those groups? Personally I always find it troubling that groups that I have no representation in are creating rules that affect my life. On the other hand I personally have no desire to participate in nor support such groups.
Data analysis by respondent subgroups was in some cases based on job title. This is ironic considering the Texas Board of Professional Engineers, one of the main groups behind licensing, states:
"The best way to avoid problems is to practice title abstinence." - What Do You Mean I Can't Call Myself a Software Engineer? by John R. Speed.
The supplemental material goes into detail about the demographics of the survey respondents.
Then we have this final nugget, saying that whole process may be improperly biased:
Finally, there is controversy as to the need for professional licensure and it is possible that those who disagreed with the need for licensure opted out of the survey upon receiving an invitation, thus biasing the results somehow.
Myself I would have abandoned this approach when I found that there was only a 7.36 percent participation. Guess if you have an agenda to push such things don't matter...
The Institute for Software Excellence 2013 (Indianapolis, May 6-8), sponsored by the ASQ Software Division, is planning to have a session on the professional licensing topic presented by Professor Laplante. The ISE website has not been updated as I write this with the exact details.

Thursday, December 6, 2012

Comet to cause EMP Armageddon? Are you prepared for EMP?

At least once a year I try to bring attention to how vulnerable our technology is to Electromagnetic Pulse (EMP) events. David Eichler and David Mordecai's article Comet Encounters and Carbon 14, published in The Astrophysical Journal Letters, Volume 761 Number 2, got me motivated to write my 2012 EMP warning.

The [Carbon-14] production of shock-accelerated particles is calculated in terms of the total energy released in energetic particles. The recently reported 1.2% jump in the [Carbon-14] content of the atmosphere in the year C.E. 775, it is found, would require 10^34 erg in energetic particles, less than first estimates but far more than any known solar flare on record. It is noted that the superflare from a large comet (comparable to C/Hale-Bopp) colliding with the Sun could produce shock-accelerated GeV cosmic rays in the solar corona and/or solar wind, and possibly account for the C.E. 775 event. Several additional predictions of cometary encounters with the sun and other stars may be observable in the future.

Bruce Dorminey converts that to Human in his article Sun-Grazing Comets As Triggers For Electromagnetic Armageddon. The bottom line is that a comet in the year 775 may have triggered the largest EMP event ever recorded on Earth within the time of Human Memory, and it could happen again. The end of the Mayan Calendar is less than twenty days away...

Several interviews with Government officials on their concerns over EMP, and most importantly Are you prepared for EMP? are items that you must read.

See also Congress told: U.S. life 'unsustainable' after EMP by F. Michael Maloof, in reference to: Written testimony of National Protection and Programs Directorate Infrastructure Analysis and Strategy Division Director Brandon Wales for a House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies hearing titled "The Electromagnetic Pulse (EMP) Threat: Examining the Consequences."

" large a swath of American technology that between 70 percent to 90 percent of the United States' population could become unsustainable."

My past articles will explain the issues with EMP if you need a refresher:

As reported in a recent issue of the Amateur Radio Magazine QST, if you need an impromptu Faraday-Cage for your equipment, put it in your washing machine (and don't run it, as if that needs to be said, sigh).

Watch the sky and keep an eye on the Space Weather...

Military wants to test your Widgets Firmware for Malice

Defense Advanced Research Projects Agency (DARPA) starts the DARPA-SN-13-07: VET - Vetting Commodity IT Software and Firmware program and announces upcoming Proposers' Day on December 12th.

DARPA wants to make sure that devices used by the Department of Defense (DoD) do not contain any hidden backdoors, such as this real world case from this week [Dec/6/2012] as reported in @RISK: The Consensus Security Vulnerability Alert; Vol. 12, Num. 49, from the SANS Institute:

ID: CVE-2012-4964
Title: Samsung Printer Firmware Contains A Backdoor Administrator Account
Vendor: Samsung
Description: Samsung printers contain a hardcoded account that could
allow a remote attacker to take control of an affected device.
CVSS v2 Base Score: 9.0 (AV:N/AC:M/Au:N/C:C/I:C/A:P)

If you are printing Classified Documents, or documents that your competitor would really like to see, can you be sure that your printer is not spying on you? Point your web browser at your printer's IP address and you might find there is a web server running there that you knew nothing about.

How would you check your printer for such a backdoor? Now how would you check millions of different devices for possibly millions of different ways of exploiting the device? This is the challenge facing the DoD. They need an automated way to vet devices to prove that no such backdoors exist. I covered this to some degree a couple of years ago in Killed by Code: Software Transparency in Implantable Medical Devices. Making source code available for independent audits is one approach (admittedly a bit self-serving as I do such audits on occasion), but that method does not scale to the number of devices in question. What would you do, is what the DoD wants to know?

"DoD relies on millions of devices to bring network access and functionality to its users," said Tim Fraser, DARPA program manager. "Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread. The most significant output of the VET program will be a set of techniques, tools and demonstrations that will forever change this perception."

VET will attempt to address three technical challenges:

  • Defining malice: Given a sample device, how can DoD analysts produce a prioritized checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out?
  • Confirming the absence of malice: Given a checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out, how can DoD analysts demonstrate the absence of those broad classes of hidden malicious functionality?
  • Examining equipment at scale: Given a means for DoD analysts to demonstrate the absence of broad classes of hidden malicious functionality in sample devices in the lab, how can this procedure scale to non-specialist technicians who must vet every individual new device used by DoD prior to deployment?
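One class of hidden functionality such a checklist would name is the hardcoded account, as in the Samsung advisory above. The following is an added example, not code from DARPA, SANS or the original post: it audits the account files of an unpacked firmware image and lists, worst first, the accounts that can log in with a credential shipped in the image. It assumes the firmware uses Unix-style passwd and shadow files (an assumption, not something the post states); the sample contents and account names are constructed.

```python
# Added example: flag login-capable accounts baked into a firmware image.
# Assumes Unix-style passwd/shadow files; the sample data below is constructed.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
svc_admin:x:0:0:factory:/:/bin/sh
web:x:33:33:web ui:/var/www:/sbin/nologin
guest::500:500:guest:/tmp:/bin/sh
"""
SAMPLE_SHADOW = """\
root:!:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
svc_admin:$1$CONSTRUCTED$not-a-real-hash:15000:0:99999:7:::
web:*:15000:0:99999:7:::
"""


def parse_colon_file(text, min_fields):
    """Split a passwd/shadow style file into field lists, skipping junk lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                rows.append(fields)
    return rows


def audit_accounts(passwd_text, shadow_text=""):
    """Return accounts that can log in with a credential shipped in the image."""
    shadow = {f[0]: f[1] for f in parse_colon_file(shadow_text, 2)}
    findings = []
    for fields in parse_colon_file(passwd_text, 7):
        name, pw, uid, shell = fields[0], fields[1], fields[2], fields[6]
        if not uid.isdigit():
            continue
        if pw == "x":  # password lives in shadow; no entry is treated as locked
            pw = shadow.get(name, "*")
        if shell in NOLOGIN_SHELLS or pw.startswith(("!", "*")):
            continue  # cannot log in interactively, or password is locked
        findings.append({
            "account": name,
            "uid": int(uid),
            "reason": "empty password" if pw == "" else "preset password hash",
            "priority": "high" if int(uid) == 0 else "medium",
        })
    # uid 0 accounts first, then alphabetical, so reviewers start with the worst
    findings.sort(key=lambda f: (f["priority"] != "high", f["account"]))
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(finding)
```

A clean result here rules out only this one class; credentials compiled into a binary or a web interface's own user store need separate checks.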

Anyone up for a Road Trip to Arlington, VA for the Proposers meeting? Note that DARPA is a secure facility. Visitors should arrange an appointment with a program manager or other DARPA staff prior to visiting.

IRS Releases Job Killing Medical Device Tax Guidance

The Office of the Federal Register has released the Internal Revenue Service's (IRS) guidance document on the job killing Taxable Medical Devices, that I covered last year: Do you work in the Medical Device field? You won't after 2013 due to this new Tax. My four top picks:

One commenter suggested that the listing rule is overbroad because it includes virtually all types of medical devices in the tax base. The commenter requested that the final regulations narrow the definition of a taxable medical device so that the excise tax is imposed only on devices that Congress specifically intended to subject to the tax.

The final regulations do not adopt this suggestion.

[Doublespeak translation: It is a device if we say it is a device.]

Sale price:

Numerous commenters suggested that the IRS apply the constructive sale price rules with flexibility and sensitivity to data limitations that medical device companies face. The IRS and the Treasury Department recognize that the medical device industry will likely face some implementation issues when the medical device excise tax goes into effect on January 1, 2013, and the IRS intends to work with stakeholders on compliance-related issues, such as the determination of price.

[Doublespeak translation: You and I are going to pay through the nose for any medical device just to handle all this new paperwork!]

Licensing of software:

One commenter requested clarification on whether the licensing of software that is a taxable medical device is a taxable event. Under existing chapter 32 rules, the manufacturers excise tax generally attaches upon the sale or use of a taxable article by the manufacturer. The lease of a taxable article by the manufacturer is considered a sale. Neither the existing chapter 32 rules nor the final regulations address the issue of whether the licensing of a taxable article is a taxable event. However, the IRS and the Treasury Department will issue separate interim guidance along with these regulations to address this issue.

[Doublespeak translation: Not even the FDA can figure out what the IRS wants, or is it the other way around?]

Semimonthly deposits:

Several commenters suggested that the semimonthly deposit requirements under section 6302 are burdensome to medical device manufacturers because device manufacturers have little or no experience with returning and paying federal excise taxes and because manufacturers need time to develop their systems to implement these final regulations...Given that the tax goes into effect on January 1, 2013, the IRS and the Treasury Department will issue separate interim guidance along with these regulations that addresses penalties under section 6656.

[Doublespeak translation: We don't care if you know how any of this stuff works, and we have not gotten around to writing the statute that would tell you yet, even tho we had a year to do it, but we do have the system of applying involuntary monetary fortuities {high fines that raise costs for you and I} in place now.]

The job killing tax, part of the Patient Protection and Affordable Care Act, has already been taking its toll this year. It may hit the Cleveland/Pittsburgh area hard. Resume anyone?