“Have you tried turning it off and on again?” is a common tech support maneuver that everyone already seems to know and apply to just about all the wonky tech in their life. But would you tell someone to apply it to a reservoir? Someone did, and with disastrous results, at least according to a report on the lead-up to the collapse of a reservoir in the city of Lewiston, Idaho — just across the Snake River from Clarkston, Washington; get it? According to the report, operators at the reservoir had an issue crop up that required a contractor to log into the SCADA (supervisory control and data acquisition) system running the reservoir. The contractor’s quick log-in resulted in him issuing instructions to local staff to unplug the network cable on the SCADA controller and plug it back in. Somehow, that caused a variable in the SCADA system — the one storing the level of water in the reservoir — to get stuck at the current value. This made it appear that the water level was too low, which led the SCADA system to keep adding water to the reservoir, which eventually collapsed.
Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, it also limits the effectiveness of scanners who might not know the control methods the trunked systems are using. But now a global standard for encrypted trunked radio systems, known as TETRA, has recently been found to have major security vulnerabilities, which could result in a lot more headache than disrupted voice communications.
One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.
Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure already needs significant help when it comes to vulnerabilities to all kinds of failure modes.
Thanks to [cfacer] and [ToniSoft] who sent these tips!
Photo via Wikimedia Commons.
Will it or won’t it? That’s the question much on the minds of astronomers, astrophysicists, and the astro-adjacent this week as Betelgeuse continued its pattern of mysterious behavior that might portend a supernova sometime soon. You’ll recall that the red giant star in the constellation Orion went through a “great dimming” event back in 2019, where its brightness dipped to 60% of its normal intensity. That was taken as a sign that perhaps the star was getting ready to explode — or rather, that the light from whatever happened to the star 548 years ago finally reached us — and was much anticipated by skywatchers, yours truly included. As it turned out, the dimming was likely caused by Betelgeuse belching forth an immense plume of dust, temporarily obscuring our view of its light. Disappointing.
Those who gave up on the hope of seeing a supernova might have done so too fast, though, because now, the star seems to be swinging the other way and brightening. It briefly became the brightest star in Orion, nearly outshining nearby Sirius, the brightest star in the sky. So what does all this on-again, off-again business mean? According to Dr. Becky, a new study — not yet peer-reviewed, so proceed with caution — suggests that the star could go supernova in the next few decades. The evidence for this is completely unrelated to the great dimming event; it comes instead from analyzing the star’s long history of variable brightness. The data suggest that Betelgeuse has entered the carbon fusion phase of its life, a period that only lasts on the scale of a hundred years for a star that size. So we could be in for the ultimate fireworks show, which would leave us with a star brighter than the full moon that’s visible even in daylight. And who doesn’t want to see something like that?
There are few challenges more difficult or dangerous than trying to get around the majority of North American cities by bicycle. Not only is the bicycle infrastructure woefully inadequate for safe travel (if it exists at all), but it’s often not maintained to any reasonable standard, either. This goes double in colder areas, where bike paths can essentially become abandoned in the winter after a snowfall. [Phil] found himself in this situation recently after a snowfall in western Canada and decided to DIY his own bike-powered snowplow to help keep his bike paths cleared.
The plow is built around an electric-assisted cargo bicycle, which is almost as rare in North America as bicycle infrastructure itself, but is uniquely suited to snowplow duty. It has a long wheelbase and a large front cargo area that can be weighed down if needed to ensure the plow makes good contact with the ground. The plow itself is built out of sections of plastic 55-gallon drums, which have been cut into two scooping sections and attached to the bike with a wooden 2×4 frame. The plow can be raised or lowered with a ratchet strap mechanism, and the plastic scoop skips over bumps in the path with relative ease.
With this relatively simple mechanism attached to his bike, [Phil] can make sure the trails that he frequents around Vancouver are more suitable for bike travel in the winter. Riding a bicycle through the winter, even in the coldest of climates, is not that difficult with the right support and investment in infrastructure, and this build is the best DIY solution we’ve seen to bicycle infrastructure support outside of adapting something like this remote-controlled snowblower to the job.
Russia’s loose cannon of a space boss is sending mixed messages about the future of the International Space Station. Among the conflicting statements from Director-General Dmitry Rogozin, the Roscosmos version of Eric Cartman, is that “the decision has been made” to pull out of the ISS over international sanctions on Russia thanks to its war on Ukraine. But exactly when would this happen? Good question. Rogozin said the agency would honor its commitment to give a year’s notice before pulling out, which based on the current 2024 end-of-mission projections, means we might hear something definitive sometime next year. Then again, Rogozin also said last week that Roscosmos would be testing a one-orbit rendezvous technique with the ISS in 2023 or 2024; it currently takes a Soyuz about four orbits to catch up to the ISS. So which is it? Your guess is as good as anyone’s at this point.
At what point does falsifying test data on your products stop being a “pattern of malfeasance” and become just the company culture? Apparently, something other than the 40 years that Mitsubishi Electric has allegedly been doctoring test results on some of their transformers. The company has confessed to the testing issue, and also to “improper design” of the transformers, going back to the 1980s and covering about 40% of the roughly 8,400 transformers it made and shipped worldwide. The tests that were falsified were to see if the transformers could hold up thermally and withstand overvoltage conditions. The good news is, unless you’re a power systems engineer, these aren’t transformers you’d use in any of your designs — they’re multi-ton, multi-story beasts that run the grid. The bad news is, they’re the kind of transformers used to run the grid, so nobody’s stuff will work if one of these fails. There’s no indication whether any of the sketchy units have failed, but the company is “considering” contacting owners and making any repairs that are necessary.
For your viewing pleasure, you might want to catch the upcoming documentary series called “A League of Extraordinary Makers.” The five-part series seeks to explain the maker movement to the world, and features quite a few of the luminaries of our culture, including Anouk Wipprecht, Bunnie Huang, Jimmy DiResta, and the gang at Makers Asylum in Mumbai, which we assume would include Anool Mahidharia. It looks like the series will focus on the real-world impact of hacking, like the oxygen concentrators hacked up by Makers Asylum for COVID-19 response, and the influence the movement has had on the wider culture. Judging by the trailer below, it looks pretty interesting. Seems like it’ll be released on YouTube as well as other channels this weekend, so check it out.
But, if you’re looking for something to watch that doesn’t require as much commitment, you might want to check out this look at the crawler-transporter that NASA uses to move rockets to the launch pad. We’ve all probably seen these massive beasts before, moving at a snail’s pace along a gravel path with a couple of billion dollars’ worth of rocket stacked up and teetering precariously on top. What’s really cool is that these things are about as old as the Space Race itself, and still going strong. We suppose it’s easier to make a vehicle last almost 60 years when you only ever drive it at half a normal walking speed.
And finally, if you’re wondering what your outdoor cat gets up to when you’re not around — actually, strike that; it’s usually pretty obvious what they’ve been up to by the “presents” they bring home to you. But if you’re curious about the impact your murder floof is having on the local ecosystem, this Norwegian study of the “catscape” should be right up your alley. They GPS-tagged 92 outdoor cats — which they dryly but hilariously describe as “non-feral and food-subsidized” — and created maps of both the ranges of individual animals, plus a “population-level utilization distribution,” which we think is a euphemism for “kill zone.” Surprisingly, the population studied spent almost 80% of their time within 50 meters of home, which makes sense — after all, they know where those food subsidies are coming from.
Sad news from Germany, with the recent passing of a legend in the crypto community: Mr. Goxx, the crypto-trading hamster. The rodent rose to fame in the crypto community for his trades, which were generated at random during his daily exercise routines — his exercise wheel being used like a roulette wheel to choose a currency, and a pair of tunnels determining whether the transaction would be a buy or sell. His trading career was short, having only started this past June, but he was up 20% over that time — that’s nothing to sneeze at. Our condolences to Mr. Goxx’s owners, and to the community which sprang up around the animal’s antics.
It might seem a little early to start planning which conferences you’d like to hit in 2022, but some require a little more lead time than others. One that you might not have heard of is DINACON, the Digital Naturalism Conference, which explores the intersection of technology and the natural world. The con is set for the entire month of July 2022 and will be held in Sri Lanka. It has a different structure than most cons, in that participants attend for a week or so on a rotating basis, much like a biology field station summer session. It sounds like a lot of fun, and the setting couldn’t be more idyllic.
If you haven’t already killed your holiday gift budget buying NFTs, here’s something you might want to consider: the Arduino Uno Mini Limited Edition. What makes it a Limited Edition, you ask? Practically, it’s the small footprint compared to the original Uno and the castellated edges, but there are a bunch of other extras. Each elegant black PCB with gold silk screening is individually numbered and comes in presentation-quality packaging. But the pièce de résistance, or perhaps we should say the cavallo di battaglia, is that each one comes with a hand-signed letter from the Arduino founders. They honestly look pretty sharp, and at $45, it’s really not a bad collector’s piece.
And finally, the YouTube algorithm giveth again, when this infrastructure gem popped up in our feed. You wouldn’t think there’d be much of interest to see in a water main repair, but you’d be wrong, especially when that main is 50′ (15 m) below the surface, and the repair location is 600′ (183 m) from the access hatch. Oh yeah, and the pipe is only 42″ (1 m) in diameter, and runs underneath a river. There’s just so much nope in this one, especially since the diver has to swim into a special turning elbow just to get pointed in the right direction; how he turns around to swim out is not worth thinking about. Fascinating tidbits include being able to see the gravel used to protect the pipe in the riverbed through the crack in the pipe, and learning that big water mains are not completely filled, at least judging by the small air space visible at the top of the pipe. Those with claustrophobia are probably best advised to avoid this one, but it’s still amazing to see how stuff like this is done.
At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to trust that whatever their package manager fetches from the repository is what they intended to obtain.
In short, who can tell when a package is truly ‘abandoned’, who can guarantee that a package is free from malware, and how does one begin to provide insurance against a package being pulled and half the internet collapsing along with it?