Mars Rover’s ChemCam Instrument gets sharper vision

Likewise, the laser analyses were done at nine different focus settings to obtain one good set of data. In the meantime, the team went back to the drawing board. They figured out that if they discarded a lot of the old code on board their distant subject, they could make room for software that could command the instrument to take the nine images on its own and analyze them on-board to find the best focus.

Source: Mars Rover’s ChemCam Instrument gets sharper vision

The program to run the whole instrument is only 40 kilobytes. The first tests on Mars were completed earlier this week.

OpenSSL bug CVE-2014-0160

If you’re using an older OpenSSL version, you’re safe.

via OpenSSL bug CVE-2014-0160 | The Tor Blog.

I find that statement quite interesting due to how many security experts tout keeping your software constantly updated without realizing sometimes updates can introduce exploit vectors.

From:  The Heartbleed Bug

What makes the Heartbleed Bug unique?

Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

Am I affected by the bug?

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.

From: Exploits allow attackers to obtain private keys used to decrypt sensitive data.

They called on white-hat hackers to set up “honeypots” of vulnerable TLS servers designed to entrap attackers in an attempt to see if the bug is being actively exploited in the wild. The researchers have dubbed the vulnerability Heartbleed because the underlying bug resides in the OpenSSL implementation of the TLS heartbeat extension as described in RFC 6520 of the Internet Engineering Task Force.

Software upgrade at 655 million kilometres

Although Rosetta and MIDAS spent 957 days in hibernation, the MIDAS team back on Earth were busy learning how best to use MIDAS with tests on the Flight Spare (the identical twin instrument). As a result we have made a number of tweaks and enhancements to the software ready for our encounter with comet 67P/CG. After the passive checkout we know that we’re in good shape, so the next step is to upload and apply the software patches. The new software was tested both on the Flight Spare and on an instrument/processor simulator developed by the institute.

via Software upgrade at 655 million kilometres | Rosetta – ESA’s comet chaser.

Open source desktop lowers TCO by 40%

In 2011, the Gendarmerie added 20,000 Ubuntu desktops, and in 2012 added another 10,000. This year, it added 2000 so far. Between March and June of 2013, the police force also performed an update of Ubuntu, upgrading to version 12.04 from 10.04, over its network. “This January, the last constraints will disappear, and we will replace the last proprietary desktop PCs by Ubuntu.”

via French Gendarmerie: “Open source desktop lowers TCO by 40%” | Joinup.

Microsoft botches six Windows patches in latest Automatic Update

In an amazing tour de force, Microsoft’s Automatic Update chute released at least six bad patches on Tuesday. Here’s what’s amazing: It’s just 48 hours or so since the bomb bay doors opened, and Microsoft has acknowledged problems with all of these patches.

via Microsoft botches six Windows patches in latest Automatic Update | Microsoft windows – InfoWorld.

This is why I never do automatic update.

Attacks on Package Managers

To provide an example of the sorts of attacks an attacker can launch on package managers, this page describes an example attack called a replay attack. Other attacks are described on a separate page.

via Attacks on Package Managers.

Here’s a piece of advice I always adhere to for any kind of upgrade.

Manually update your systems (and local mirror caches). Know when package updates become available and what the versions should be. Manually verify and install the updated packages (or add them to your local mirror cache that your systems update from) rather than relying on automated updates. We have observed mirrors many months out of date for some distributions, so you should check periodically that your mirror is being updated.

Microsoft: Uninstall Faulty Patch Tuesday Security Update

Microsoft patchMicrosoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue screen. Microsoft recommends users uninstall the patch, which is also causing compatibility with some endpoint security software.

via Microsoft: Uninstall Faulty Patch Tuesday Security Update | threatpost.

This is why I always turn automatic updates off on all PCs and update on my own terms and on my own schedule.

How Lytro is Shifting Our Perspective on Photography

What’s amazing is how quickly the technology is evolving. There’s no second-generation Lytro yet though it’s safe to assume the Mountain View, CA-based company is working on one. But because light field photography is mostly about computation, not optics or electronics, Lytro can make its existing camera more powerful simply by upgrading the software used to process light-field images.

via How Lytro is Shifting Our Perspective on Photography | Xconomy.

NASA upgrades Mars Curiosity software … from 350M miles away

“We need to take a whole series of steps to make that software active,” said Steve Scandore, a senior flight software engineer at NASA’s Jet Propulsion Laboratory. “You have to imagine that if something goes wrong with this, it could be the last time you hear from the rover.”

via NASA upgrades Mars Curiosity software … from 350M miles away – Computerworld.

Curiosity, while working on Mars alone, needs to be told what it will do every day — move across the bottom of the crater, zap a rock with its laser, scoop up a soil sample. And once a team of NASA scientists make the daily decision as to what the rover will do, programmers have to begin furiously working on up to a 1,000 different commands that will be uploaded to the rover.