John.Bass's profile

Owner/Sr Engineer

John Bass is a seasoned hardware/software developer and consultant, with over 40 years of industry experience, in a broad span of industry applications. Formal education is diverse with Business, Science, Statistics, Electrical Engineering, and Computer Science training over 11 years, resulting in a B.S. Computer Science from CalPoly, San Luis Obispo. Something like a computer engineering degree, with a strong science and business background. Extensive industry experience with drivers, porting, and operating systems, combined with hardware/software/firmware development of server level systems, embedded systems, motion control systems, and robotics. Other experience includes Reconfigurable Computing applications with Xilinx FPGAs, 802.11 mesh networks, and Canopy Wireless networks.


John.Bass's contributions
  • 06.09.2013
  • Voyager: The mathematics of interstellar space travel
  • Relative scarcity pricing based on accessible reserves rather predicts that as soon as that is possible, price depression will rapidly follow. However, the same model applied to construction in space without the cost of lifting refined materials out of earth's gravity, and transporting it great distances without the cost of fossil fuels, means that space can become a significant long term viable habitat. Especially using large solar furnaces to process the ore.
  • 07.27.2015
  • How to improve IoT security
  • Does the security model you have in place include a plan for all the devices being bricked permanently, and disrupting business operations for a significant period of time? Does it include a network isolation plan that prevents the trojan device from effecting business and technical IP theft, or full scale DoS attacks from INSIDE your network? Is the device FULLY transparent, in that you have in your possession full sources for all software (build tool chain, boot loaders, OS, libraries, and applications) and hardware (PLD, FPGA, state machine ROMs and other programmable memories) so that your staff, or a 3rd party security team, can conduct regular security audits of the device, especially updates BEFORE they are applied? If not ... there is likely to come a day, when you can kiss your job, your business, and your personal assets goodbye. The Sony attack was just a beginning. The attacks by various governments are just a beginning. The cyber war so far has just been for practice ... it's not even really started yet.
  • 07.27.2015
  • How to improve IoT security
  • Product designers and engineers like to think that security is all about making the right decisions about the device, using secure hardware and keys inside the device. With all security attacks, especially those with VERY secure hardware and keys, that auto update, it just means the attack REQUIRES compromising the vendor's security. And presto, the mother lode is not breaking a single device, or cluster of devices, it's having access to every device the vendor created that's network aware. So trust starts with the vendor ... is the vendor under the control of a hostile government, can the vendor, or its key employees be influenced by organized crime, or may any of its key employees effect an attack in support of a rogue influence like hackers anonymous? Is the vendor willing to provide a bond to cover ALL the direct and indirect costs should an attack be directed from, or based on, a security exploit of the vendor's trusted position? Can the vendor be purchased by a hostile government? Purchased by organized crime? Purchased by a competitor that would benefit by putting you out of business? Purchased by a rogue business entity that could profit in the markets by disrupting your operations, or stealing valuable business and technical IP from your networks? Any device that auto updates, can instantly turn into a fully compromised trojan attacking your network and business viability in an instant.
  • 07.13.2015
  • Can new job titles upgrade engineers' stature?
  • So a new round of upgrading trash collector titles to something better than Sanitation engineer? It would seem to be more productive to actually make more transparent the responsibilities of a job, and the unique benefits to an organization and society that the position creates. Playing musical chairs with job titles just takes that away, and allows non-productive non-useful positions to hide in the crowd with creative choices for titles.
  • 05.25.2015
  • IoT security may lie in numbers
  • In the greater security domain, IoT devices should be like $100 bills ... minimal device security to detect counterfeits ... but all the physical/environment/network security is the responsibility of the environment they are deployed in, JUST LIKE $100 bills.
  • 06.04.2015
  • The real days of an engineer's week
  • Unless you are a head production engineer responsible for operations (and always on call) at a 24/365 plant, the vast majority of engineers actually really do get the weekend off, and can choose to work or not, depending on their social calendar. In reality that's not much different than senior management being responsible for a large 24/363 retail store, with a lot of young less than professional staff. Or a hospital, long term critical care facility, Ship Captain, senior Airport management, senior military officers on ship or in an active engagement theater, or any of several dozen other jobs that are difficult to walk away from on weekends. At least we can choose which weekends we can seek refuge in the lab, without the weekday chatter and disruptions. Or in our home lab or office, in many cases.
  • 05.18.2015
  • When STEM becomes STEAM
  • Hmm ... there are several comments that engineers also need to be artists ... that engineers have to wear all the hats ... like the folks expecting engineers to also be responsible for function AND style ... there is another whole non-engineer support industry that does human factors, product style, packaging, to manage appeal for brand management. And another whole field in college to train those folks. If engineers are responsible for their job too, does that mean to do engineers' jobs right they need an additional 30 units in course work to do that job right too? What are the people that take that course work expected to do after engineers put them out of a job?
  • 10.22.2014
  • Should your company build or buy its IoT infrastructure?
  • Devices for the factory floor are likely to be significantly more secure if home grown. I'm pretty sure a factory shutdown from IoT devices being purposefully bricked after a targeted economic warfare attack is a lot more expensive than just having your plant engineers or engineering team grow the devices at home. $40 devices sourced from Asia or the Middle East have very high risks of being trojan horses. Especially if attached to the internet.
  • 04.30.2015
  • First three rules of IoT security
  • Certainly :) The first question is how much is necessary, and how much should be a necessary part of the deployment environment. $100 bills are designed for very cost effective utility ... they are designed with enough security to minimize counterfeiting, but all the physical access security preventing theft, denial-of-service, storage security, and other security concerns required for its ownership are to be built into the owner's security models. A $5 IoT fire sensor, or heat sensor, doesn't need $100/unit of amortized NRE to secure and test every possible network attack vector, including those that might cause unintended operation. Nor does a $5 bill. If it's near free, sure include it, as long as it doesn't create a long term product liability for other reasons.
  • 05.18.2015
  • When STEM becomes STEAM
  • I mentored/coached a FIRST/VEX team for about 8 years, which had an awesome impact giving a few dozen kids grounding in engineering, and leading a few of them to complete engineering degrees ... including my daughter graduating as a MechEng last year. The majority of the kids had been left behind by the mainstream programs in the school which were art, music, and sports centric. The school still has a dying industrial "arts" program, barely still functioning ... mostly around a wood shop program. Little to no support from the school admin, with its school to work skills message nearly lost these days on a system that depreciates technical training to jobs at the high school level.