William McNabb, Chief Executive of Fund Giant Vanguard, to Step Down | WSJ

William McNabb, Chief Executive of Fund Giant Vanguard, to Step Down; Landon Thomas Jr.; In The New York Times (NYT); 2017-07-13.

Announcement
  • Effective 2018-01-01.
  • Successors
    • CEO: Tim Buckley
    • CIO: Greg Davis
  • New Directors
    • Sarah Bloom Raskin, ex-deputy secretary at the United States Treasury.
    • Deanna Mulligan, chief executive, Guardian Life Insurance Company of America.

Mentions

  • Malvern, PA
  • <quote>Mr. McNabb’s decision could be seen as a pre-emptive strike of sorts to lock in a new generation of leadership at the firm.</quote>

Who

F. William McNabb III

  • age 60
  • Will remain as chair of the Board
Bio
  • Joined Vanguard in 1986
  • Appointed chief executive in 2008
    replacing Jack Brennan, age 53.

Tim Buckley

  • age 48
  • Current Chief Investment Officer (CIO)
    since 2013.
Bio
  • Joined Vanguard in 1991
    as an assistant to Mr. John Bogle,
  • Claims that he has never considered leaving Vanguard.

Greg Davis

  • age 48
  • Current “head” of the fixed income division.

Jack Brennan

  • Replaced as CEO, 2008
  • Was age 53, in 2008.

Previously

In The New York Times Html &dots;

A tinyLiDAR Sensor for Your Arduino | Alasdair Allan

Alasdair Allan; A tinyLiDAR Sensor for Your Arduino; In His Blog, entitled hackster.io, hosted on Medium; 2017-08-11.

Occasion

tinyLIDAR: The Maker Friendly Laser Sensor Arduino X; on IndieGoGo; WHEN? About NOW; Indiegogo campaign; Separately noted.

Mentions

  • ultrasonic sensors
  • LIDAR → Light Detection and Ranging
  • Controlled from Arduino by I2C

Specifications

Distance measurements from 30 mm → 2000 mm.

Pricing

1x board → $15
3x boards → $39 + $5 SHT

Delivery

2017-10(ish)

Deadline

2017-08-13

Alternates

AliExpress
A simple breakout board for VL53L0X can be picked up for $6.63 a piece, with shipping adding another $2.09 if you’re just after a single board.
AdaFruit
A breakout board for the VL53L0X, for $14.95.


University of Washington DNA Sequencing Security Study | University of Washington

Frequently-Asked Questions (FAQ)
Computer Security and Privacy in DNA Sequencing
Paul G. Allen School of Computer Science & Engineering, University of Washington

tl;dr → it’s a bug report on fqzcomp (version 4.6), wrapped in some lab work, wrapped in a scare piece, wrapped in an academic paper. It mentions DNA, people are made of DNA, YOU are made of DNA.

  • In the future, everyone will be famous for fifteen minutes.
    • They did it for the lulz, and the whuffie.
    • They did it for the FUD.
  • They are frontrunning the presentation of the paper at the conference site in Vancouver, CA
  • But there is nothing to worry about.
    • Really.
    • No, Really.
    • And they’ve already contacted the project sponsors with their work product.
However

Today’s theoretical demonstrations are tomorrow’s practice.

Original Sources

Ney, Koscher, Organick, Creze, Kohno; Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More; In Proceedings of the USENIX Security Symposium; 2017-08-16; 15 pages.

Concept

  • They created DNA with particular patterns.
  • They used buffer overflows in C & C++ programs.
  • FASTQ, a data format.
  • /dev/tcp accessed via bash

Quotes

  • <quote>Although used broadly by biology researchers, many of these programs are written by small research groups and thus have likely not been subjected to serious adversarial pressure.</quote>
  • <quote><snip/> copied fqzcomp from SourceForge and inserted a vulnerability into version 4.6 of its source code; a function that processes and compresses DNA reads individually, using a fixed-size buffer to store the compressed data.</quote>
  • <quote>Our second exploit attempt uses an obscure feature of bash, which exposes virtual /dev/tcp devices that create TCP/IP connections. We use this feature to redirect stdin and stdout of /bin/sh to a TCP/IP socket, which connects back to our server.</quote>
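The inserted bug quoted above is a per-read function that copies into a fixed-size buffer without checking the read length first. As an added example (not code from the paper or from fqzcomp), here is a minimal FASTQ record parser in C that does that check before every copy and rejects malformed records; MAX_READ, the ACGTN alphabet and the sample record are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the paper's or fqzcomp's code: a FASTQ record checker
 * that enforces a maximum read length *before* copying into a fixed-size
 * buffer. MAX_READ and the base alphabet below are assumed values. */
#define MAX_READ 256

enum fq_status { FQ_OK = 0, FQ_BAD_HEADER, FQ_BAD_SEP, FQ_TOO_LONG,
                 FQ_BAD_BASE, FQ_LEN_MISMATCH };

struct fq_read {
    char seq[MAX_READ + 1];   /* fixed-size buffers, as in the quoted bug */
    char qual[MAX_READ + 1];
    size_t len;
};

/* Copy one line of *p (up to '\n' or NUL) into dst only if it fits in cap. */
static int take_line(const char **p, char *dst, size_t cap, size_t *out_len) {
    const char *nl = strchr(*p, '\n');
    size_t n = nl ? (size_t)(nl - *p) : strlen(*p);
    if (n > cap) return 0;            /* the length check the bug lacked */
    memcpy(dst, *p, n);
    dst[n] = '\0';
    *out_len = n;
    *p = nl ? nl + 1 : *p + n;
    return 1;
}

/* Parse one four-line FASTQ record (@header, bases, +, qualities). */
enum fq_status fq_parse(const char *text, struct fq_read *r) {
    char hdr[MAX_READ + 1], sep[MAX_READ + 1];
    size_t hl, sl, ql;
    if (!take_line(&text, hdr, MAX_READ, &hl)) return FQ_TOO_LONG;
    if (hl == 0 || hdr[0] != '@') return FQ_BAD_HEADER;
    if (!take_line(&text, r->seq, MAX_READ, &r->len)) return FQ_TOO_LONG;
    for (size_t i = 0; i < r->len; i++)          /* assumed alphabet */
        if (!strchr("ACGTN", r->seq[i])) return FQ_BAD_BASE;
    if (!take_line(&text, sep, MAX_READ, &sl)) return FQ_TOO_LONG;
    if (sl == 0 || sep[0] != '+') return FQ_BAD_SEP;
    if (!take_line(&text, r->qual, MAX_READ, &ql)) return FQ_TOO_LONG;
    if (ql != r->len) return FQ_LEN_MISMATCH;    /* quality must match bases */
    return FQ_OK;
}

int main(void) {
    struct fq_read r;                 /* constructed sample record */
    printf("status=%d\n", fq_parse("@r1\nACGTN\n+\nIIIII\n", &r));
    return 0;
}
```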

Moral

The “research” coders do not validate their inputs; they use whatever computer tools are handy for their purpose. Their purpose is to publish papers in their field of study. Their code works just well enough; it is MVP for an MPU. Those “researchers” who do validate their inputs, who do test their code, who do read CVE notices, who do remediate latent vulnerabilities aren’t researchers at all. They are drone coders in an on-time-under-budget, time & materials IT shop. “We” need such people and such skill is a valued trade craft by which to make an honorable living. But such activity is Not New. It is not The Research.