::: E-MONITOR :::

Software engineering

by Peter Hitchiner

I hope you were aware that Engineers Australia sponsored the Asia Pacific Software Engineering Conference (APSEC). This continues EA’s long standing association with software engineering conferences in particular the Australian Software Engineering Conference (ASWEC) which takes a break in 2011. The College has made opportunities available to students to attend a session to allow them to meet software industry leaders and to network in an activity associated with software engineering conferences, which has become known as “Smart Minds”.

Unfortunately, EA is not readily associated with software and indeed neither with ICT: changing that perception will require persistence and a proactive approach by volunteers and staff. We should be concerned that an engineering organisation such as ourselves is not associated with software engineering because it’s the engineering skills applied to software that can deliver optimum outcomes in ICT projects.

We hear all too often about the software projects which do not meet requirements (in various ways) and we rarely hear of successful ones. Why not submit an article to eMonitor describing successful software and ICT projects you have been involved in and the important role of engineering for that project?

It has been interesting to hear our Eminent Speaker for 2010 Dr Terry Stevenson, CTO of Raytheon Australia, on the topic of “Engineering leadership required in the development of complex systems”. While Terry has completed most of his tour, it is hoped that a video of this presentation will be available on the EA website soon. This should be of interest to all engineers, especially software engineers. Watch the website for details of further presentation dates.

The website should be the ITEE College’s window to the College membership and the wider ICT community. When people seem unaware of the software engineering activity of EA and cannot locate the information on the website I become increasingly concerned that the website is not doing what it should. It’s something the ITEE College should excel with, however, it needs someone to take ownership and drive the content: anyone interested please let me know.

Finally, on software I am hoping sufficient interest in Sydney Division around APSEC 2010 might enable the launch of a software engineering forum similar to a very successful initiative started in Perth and more recently in Adelaide. The forum becomes a regular opportunity for leaders and other proactive engineers to share issues, solutions and network with other software engineers. If you are interested in such an initiative in your Division please let me know.

This column also appears in the ITEE College Board Chair blog http://engineersaustralia.typepad.com/itee_college_chair/. Please post your feedback.

Peter Hitchiner is the ITEE College Chair 2010

Web encryption needed

The only effective fix for “sidejacking” is full end-to-end encryption, according to freelance web application and software developer Eric Butler.

Butler and security consultant Ian “craSH” Gallagher presented their talk, Hey Web 2.0: Start protecting user privacy instead of pretending to, at the hacker conference ToorCon 12 in San Diego earlier this month. It served to remind companies of their responsibilities to protect users.

While most people in the IT and telecommunications industries are aware of the dangers of sending sensitive information over open wireless networks, Butler considers that many popular websites should be doing more to protect their users from sidejacking – the act of stealing a user’s HTTP session once authentication has taken place.

Butler openly criticised social media outlets Facebook and Twitter on his website: “Facebook is constantly rolling out new ‘privacy’ features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website.”

It could be argued that one of the main reasons sidejacking fails to be considered a significant security issue is that the technical knowledge required to perform such an attack is outside of the grasp of the average user.

To address this belief, Butler has released an open source extension to Firefox called Firesheep, which easily allows users to hijack other users’ accounts over open wireless networks without needing any knowledge of the inner workings of sidejacking.

The extension provides a “buddy list” of people’s accounts that are being used nearby and by simply double-clicking, hijacks the account.

At the time eMonitor was published, vulnerable sites included Amazon, Basecamp, bit.ly, Cisco, CNET, Evernote, Facebook, Flickr, Foursquare, Google, Tumblr, Twitter, Windows Live, Wordpress, and Yahoo!. The open-source nature of the extension essentially puts any site that does not route its cookies through the HTTPS protocol at risk as anyone can write scripts to target additional sites.

“Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web.”

back to top

Personal data security unknown

The New South Wales’ policy on securing its residents’ private details has not been properly implemented, according to a recent report released by the NSW Auditor-General.

The report Electronic Information Security is the result of a performance audit performed to determine whether NSW government agencies had properly established and maintained Information Security Management Systems as required under its Security of Electronic Information policy.

According to the report, the government is unable to say with certainty whether its agencies had implemented its policy as it does not know how well agencies are securing sensitive personal information.

The report found that there has been a clear absence of direction and strong leadership to ensure that all government agencies comply with its policy and a fundamental re-think about electronic information security is required.

Along with twelve recommendations, relating to establishing minimum standards, strengthening accountability, and enhancing scrutiny, the report urged the government to publish a new Information and Communication Technology Strategy and establish new electronic information security arrangements by June 2011.

back to top

Building a data centre

Data centre services provider Equinix has awarded a $72 million contract to John Holland to deliver the first stage of construction for its Alexandria Data Centre.

The contract will be delivered under a managing contractor arrangement and includes the delivery of the design phase and construction of the first stage of the facility.

The project is Equinix’s third data centre in Australia and will involve the refurbishment of an existing 18,000m² warehouse in Alexandria, in Sydney. Called SY3, the centre’s first phase will add 1000 cabinet equivalents and is expected to be completed mid-2011. The completed centre will have a total capacity for more than 3000 cabinet equivalents.

Design work for the project is close to being finalised with construction to commence immediately.

back to top

SCADA systems at high risk

The risk of unauthorised access to water and transport infrastructure systems in Victoria is high and could affect the stable delivery of these services to the community, according to a report released by the Victorian Auditor-General.

The report Security of Infrastructure Control Systems for Water and Transport is the result of an audit examining the security of the control and management systems, such as computerised Supervisory Control and Data Acquisition (SCADA), of selected water and transport operators.

It found that operators do not have the physical and electronic controls to detect and prevent inappropriate access to their infrastructure control systems, nor do they have the appropriate governance arrangements such as business continuity planning, policies and procedures required to assure management their infrastructure control systems are secure.

The report also stated that the Department of Sustainability and Environment (DSE), Department of Transport (DOT), and the Victorian Police were not fully aware of the extent of the weaknesses in infrastructure control systems. It said these oversight agencies are not actively monitoring and guiding operators in the management of these systems and that there is a lack of clarity as to who is responsible for the security of these systems.

None of the operators audited were fully compliant with the Terrorism (Community Protection) Act 2003.

The report recommended that operators review their approach to control systems security against the relevant state and international standards, DSE should increase its monitoring and provide advice to operators, and DOT should establish an ICT security team.

back to top

Wireless pest control

Victorian technology company Procept is developing automated biophony sensor technology with the ability to detect and differentiate between sounds of insects, birds and other organisms, for use by farmers.

The wireless technology will help farmers monitor and combat plague pests such as locusts. It will also provide a less invasive method of diagnosing the health of farms and orchards, potentially contributing to the environmental data that is available.

The technology will use sensor stations, connected via a wireless network, to record audio as well as temperature, humidity and other environmental data, which is then transmitted to a central computer and analysed.

The Brumby government has provided $1.5 million in funding via its Smart SMEs Market Validation Program.

back to top

ICT Entrepreneurs

Jens and Lars Rasmussen of Google Australia have been awarded the 2010 NSW ICT Entrepreneur of the Year award.

The pair were responsible for founding Google Maps and Google Wave. The event was held at NSW Parliament in conjunction with National ICT Australia’s NICTA @ NSW Parliament research showcase.

Google Maps was originally a product of the pair’s Where 2 Technologies company, which was then sold to Google, where it continued to build upon its success.

The ICT Entrepreneur of the Year award includes a cash grant, and was supported by Industry and Investment NSW and NICTA (National ICT Australia).

Jen and Lars Rasmussen will be finalists in a new Pearcey National Entrepreneurs Award sponsored by CSIRO. The winner of this new award, to be presented for the first time in 2011, will be drawn from each of the 2010 Pearcey State Award winners.

The NSW ICT Entrepreneur award is presented annually to the most outstanding ICT and digital media individuals, through an open process of peer recognition. The Pearcey foundation itself was founded in memory of Trevor Pearcey, who built Australia’s first and the world’s fourth programmable digital computer, CSIRAC, in Sydney in 1949. Its objective is to reinforce the recognition, knowledge and appreciation of Australia’s ongoing contribution to the development and growth of the ICT professions, research and industry.

Lars has since left Google Australia and according to an interview by the Sydney Morning Herald, was made an offer by Facebook CEO Mark Zuckerberg to join the social media company in San Francisco.

back to top

Sharing wireless broadband

The CSIRO has made a breakthrough in wireless technology, circumventing one of the largest obstacles for the use of wireless as a medium for broadband communications: sharing bandwidth with other wireless users.

The first half of CSIRO’s Ngara technolgy will enable multiple users to upload information at the same time, without reducing their individual systems’ data transfer rate of 12Mb/s.

“Someone who doesn’t live near the fibre network could get to it using our new wireless system,” CSIRO ICT centre director Dr Ian Oppermann said.

“They’d be able to upload a clip to YouTube in real-time and their data rate wouldn’t change even if five of their neighbours also started uploading videos.

“But the really impressive part is the spectral efficiency our team has achieved.”

CSIRO’s spectral efficiency is three times that of the closest comparable technology and the data rate is more than 10 times the industry’s recently declared minimum standard.

CSIRO is achieving spectral efficiency of 20b/s/Hz. Its 12Mb/s, six-user system works in the space of one television channel, which is 7MHz wide.

Wireless research director for Gartner, Robin Simpson, said the most promising aspect of CSIRO’s Ngara technology is that it aims to re-use old analog TV channels – the resulting spectrum from the Digital Dividend.

“This means any rural property or business that can currently receive TV signals could in future connect to high-speed internet just by using a new set-top box,” Simpson said.

CSIRO is currently completing the research and testing of the downlink part of the system, which will also run at 12Mb/s per user.

Ngara is a word of the Darug people meaning to listen, hear and think. The Darug people are the traditional owners of the land on which the ICT Centre’s Sydney lab sits. This project is supported by the Science and Industry Endowment Fund.

CSIRO's Ngara technology will re-use old analog TV channels.

back to top

Hacking Google

The Google Security Team has issued an open challenge to anyone that can demonstrate new vulnerabilities in its sites that display or manage sensitive authenticated user data.

Anyone who discovers a new vulnerability and reports it will be rewarded US$500. Severe or unusually clever vulnerabilities can attract up to US$3133.70.

The challenge is a way to reward those who contribute back to Google, but also a way to stem Google’s exposure to zero-day attacks where attackers gain knowledge of vulnerabilities and exploit them before the developer can issue a fix.

Offering a financial incentive to confidentially report vulnerabilities may reduce the risk that a vulnerability becomes public and open to exploitation.

More information about Google’s challenge is available online.

back to top

Defence correction

The image published as part of the story “Trial completed for infrared warning system” in the December 2009 issue of Monitor included an image of test firing that occurred at the Commonwealth’s Proof and Experimental Establishment, Graytown Vic, not at the Thales Facility in Lithgow, NSW and the photo was provided by the Defence Science and Technology Organisation, not Thales.

Outdoor access point

Motorola Solutions has developed an outdoor high performance, multi-radio 802.11n mesh access point that delivers broadband network capacity and performance.

The Motorola AP 7181 has adopted technology such as Motorola’s ADEPT (Advanced Element Panel Technology) antenna system to achieve maximum data rates by enabling dual-datastream communication using dual polarisation antennas.

Leveraging multiple transmit and receive RF chains, dual polarised antennas and software configurable down tilt, the AP 7181 achieves excellent coverage without the self-shadowing caused by multiple dipole antennas.

In addition, the AP 7181 features 2.4 GHz and 5.x GHz radios that support 3x3 MIMO (Multiple Input Multiple Output) technology, reaching a maximum data rate of 300Mb/s. This results in additional capacity, which delivers improvements at both the client and backhaul level.

The MIMO technology is combined with high performance radios designed by Motorola to maintain high power transmissions at some of the highest data rates. Its ability to use 40MHz channel widths allows engineering firms to use the added capacity of the AP 7181 for applications such as remote videoconferencing.

The AP 7181 has a maximum data rate of 300Mb/s.

Data cable for railways

Belden has created a flexible Ethernet data cable for mission critical railway and mass transit applications.

The Belden BE43769 cable is a halogen-free Cat 5e Ethernet cable that meets railway industry standards. This highly specialised data cable reliably delivers real time information for operators and passengers, on-board as well as in terminals and control rooms.

The new data cables have excellent mechanical resistance and a small bending radius for installation within limited spaces. They can be operated in temperatures ranging between -40°C and +90°C.

Signal integrity is assured through high screen coverage in combination with Belden's Beldfoil technology. The cables are fully compatible with M12 connectors for field installable or pre-moulded cable assemblies.

The Belden BE43769 cable, is ideal for a wide range of applications including passenger information and entertainment; security and surveillance; operational train controls; fare collection and ticket validation; location-based services; and/or any required combination of data, voice, video-streaming, conferencing and monitoring, tracking, intercom and system control on one single network.

The Belden BE43769 meets railway industry standards.

Tiny GPS module

Round Solutions has created a tiny GPS module based on the SiRF IV chipset.

The ORG4472 GPS module provides higher sensitivity and consumes less power than previous GPS systems, extending battery life for small handhold devices due to its passive GPS antennas, which can be used without losing performance.

It measures 7 x 7 x 1.4 mm the smallest GPS module of the world and is mounted via surface mount technology. There are no costs for RF connectors or cable and no manual work is required in production.

Its integrated interface for accelerometers, gyrometers or other sensors makes “dead reckoning” (estimating its position based on last known fix and known travel factors) easy. Using “dead reckoning” tracking can be achieved even without sight to satellites, for example in tunnels.

The ORG4472 on a SIM card.

Engineering Education Australia

Fear free presentations (1 day) Brisbane 25 Nov.

For further information on these and other events organised by Engineering Education Australia go to www.eeaust.com.au.

Engineers Australia conferences

The 19th Australian Institute of Physics Congress incorporating the 35th Australian Conference on Optical Fibre Technology (AIP/ACOFT 2010) will be held in Melbourne on 5-9 December. Inquiries: www.aip2010.org.au.

The 15th International conference for women engineers and scientists will be hosted by Engineers Australia's National Committee for Women in Engineering and the International Network for Women Engineers and Scientists in Adelaide 19-22 Jul 2011. Inquiries: www.icwes15.org. The deadline for submission of abstracts is 1 December 2010.

For a more comprehensive list of Engineers Australia's conferences, visit www.engineersaustralia.org.au/conferences.

Other events

The 2011 World Engineers’ Convention will be held on 4-9 Sep 2011 in Geneva, Switzerland. Titled “Engineers power the world – Facing the global energy challenge”, the convention seeks to encourage innovative engineering aimed at solving the problem of globally sustainable use of energy. For more information go to www.wec2011.org or contact info@wec2011.org.