AstrotalkUK

Not for profit website/blog on astronomy, space and my writing

Quick Update

By Leave a Comment

Scheduled EpisodesIts been a while since I posted episode 72.  Now that the book The Indian Space Programme has been published, I am resuming the podcasting. You can see some Amazon Reviews and if you have one, add your own too. More about that book on this short BBC radio interview here.

Podcast: Play in new window | Download (0.0KB) | Embed

Subscribe: Spotify | RSS | More

.

If you want you can subscribe to my monthly newsletter. The previous newsletter (March 2018) available here. April’s newsletter coming out tomorrow!

Scheduled episodes currently looks like this

  • Episode 73. Dr. Rajan Bedi – Using Commercial Of the Shelf (COTs) Components to build spacecraft (1st May 2018)
  • Episode 74. Dr Brian Weeden –  Space Debris and Sustainable use of Space (18th May 2018)
  • Episode 75. Dr Quan-Zhi Ye.  China – Back to the Moon with Chang’e 4 (1 June 2018)

Book Launch – Manchester 18:30 Friday 16 March 2018

By Leave a Comment

During the short presentation including pictures that did not make it into the book, the author will outline the book contents, his motivations for writing the book, the research conducted and take questions.

Free to all but need to book online here. Includes drinks (wine and soft drinks) and snacks and no need to buy a book!

Title:     Book Launch – The Indian Space Programme
Date:    Friday 16th March 2018
Time:   18:30 – 20:00
Venue: International Society, William Kay House, 327 Oxford Road, Manchester, M13 9PG. Map
Cost:    Free, includes soft drinks, wine and snacks. Book purchase is not necessary.

Schedule
18:30 – Open for guest – drinks and nibbles
19:00 – 19:30 – Presentation by the author
19:30 – More drinks (inc. wine) and nibbles and book signing
20:00 –  End

Fifty years in the making, India’s Space Programme is fulfilling the vision of its founders and delivering services from space that touch the lives of 1.3 billion people every day. In addition to operating a collection of satellites for weather, Earth observation, navigation and communication, today India has a spacecraft orbiting Mars and a space telescope in Earth orbit.

New Year and New Cyber Vulnerabilities – Spectre and Meltdown

By Leave a Comment

A new year and a new cyber threat. This time the vulnerabilities are baked into the design of microprocessors delivering most of the IT services on the planet. Virtually, all devices, independent of operating systems or installed applications could be affected. It is not just the laptops and PC but almost all devices including tablets, smartphones, virtual servers and impact all vendors including Microsoft, Google, Amazon and Apple.

The vulnerabilities come from serious security flaws in “speculative execution” a technique that enhances the performance of modern processors made by Intel, AMD and ARM. The vulnerabilities with their snazzy names, Meltdown and Spectre were discovered and reported to microprocessor manufactures in June 2017 by Google’s Project Zero team along two papers (Spectre and Meltdown)  published by independent researchers around the same time.  The difference between Spectre and Melton is summarised by https://meltdownattack.com/ as

“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.”

Spectre is not easy to exploit but has no fix. Meltdown is arguably the more critical of two because it can be exploited in the Cloud Computing environment. Over the last decade, Cloud Computing services have blossomed and now deliver most of the popular applications used by online consumers, governments and industry. Multi tenanting is the mechanism by which cloud service providers can share computer resources (including processor, memory, storage) between multiple customers whilst ensuring secure segregation between them. Meltdown has the potential to undermine this fundamental principle of user segregation in a cloud-based service. Attackers in one cloud-based tenant can exploit Meltdown to access and download data (at 503 KB/s) that they are not authorised to do from a neighbouring tenant.

The flaws were due to be publicised next week but some news agencies, including The Register, published on Monday 2nd January. The vulnerabilities are not easy to exploit and according to the NCSC no exploits have yet been reported, but eventually, the cost of the fix will be humongous. The proposed software fixes reduce CPU process by around 20% to 30%. Commercially that may be too high a price to pay. At the present, the ultimate fix appears to be a hardware one.

Security hole on – MacOS High Sierra. Login as Root – No password needed!

By Leave a Comment

Sounds unbelievable but it is true.  Use the username “root” and hit enter in the password field (i.e. no password) and you have full local admin access! So until it is fixed you physical security will be critical. Maybe a good idea not to travel with the mac. The Apple ecosystem is supposed to be one of the most secure but.. Even Android would (probably) not be that relaxed.

I upgraded to MacOS High Sierra at the weekend and tried out the “bug” today. It has been reported widely.  Not only does it work on the System Preferences panel.

 

 

 

 

 

 

 

 

 

But it works from the login page. Select “Other User”, type in Root as the username, hit enter in the password field (may need to do this a few times) and .. you are in!