Phil Toledano for The Atlantic magazine.

One warm spring night in 2011, a young man named Travis Hughes stood on the back deck of the Alpha Tau Omega fraternity house at Marshall University, in West Virginia, and was struck by what seemed to him—under the influence of powerful inebriants, not least among them the clear ether of youth itself—to be an excellent idea: he would shove a bottle rocket up his ass and blast it into the sweet night air. And perhaps it was an excellent idea. What was not an excellent idea, however, was to misjudge the relative tightness of a 20-year-old sphincter and the propulsive reliability of a 20-cent bottle rocket. What followed ignition was not the bright report of a successful blastoff, but the muffled thud of fire in the hole.

"The Dark Power of Fraternities" [The Atlantic]

We now know a lot about the security of the Rapiscan 522 B x-ray system used to scan carry-on baggage in airports worldwide. Billy Rios, director of threat intelligence at Qualys, got himself one and analyzed it. And he presented his results at the Kaspersky Security Analyst Summit this week.

It’s worse than you might have expected:

It runs on the outdated Windows 98 operating system, stores user credentials in plain text, and includes a feature called Threat Image Projection used to train screeners by injecting .bmp images of contraband, such as a gun or knife, into a passenger carry-on in order to test the screener's reaction during training sessions. The weak logins could allow a bad guy to project phony images on the X-ray display.

While this is all surprising, it shouldn’t be. These are the same sort of problems we saw in proprietary electronic voting machines, or computerized medical equipment, or computers in automobiles. Basically, whenever an IT system is designed and used in secret – either actual secret or simply away from public scrutiny – the results are pretty awful.

I used to decry secret security systems as "security by obscurity." I now say it more strongly: "obscurity means insecurity."

Security is a process. For software, that process is iterative. It involves defenders trying to build a secure system, attackers -- criminals, hackers, and researchers -- defeating the security, and defenders improving their system. This is how all mass-market software improves its security. It’s the best system we have. And for systems that are kept out of the hands of the public, that process stalls. The result looks like the Rapiscan 522 B x-ray system.

Smart security engineers open their systems to public scrutiny, because that’s how they improve. The truly awful engineers will not only hide their bad designs behind secrecy, but try to belittle any negative security results. Get ready for Rapiscan to claim that the researchers had old software, and the new software has fixed all these problems. Or that they’re only theoretical. Or that the researchers themselves are the problem. We’ve seen it all before.

Photograph: Hemedia/Mark Sutherland

West Dunbartonshire council has had quite enough of listening to that woman complain about her assigned public housing being inaccessible to her disabled child. The Guardian:

Clare Lally, 33, spent two years campaigning for improved access for her daughter Katie, seven, who uses a wheelchair, after the council gave them a home at the top of three flights of stairs. But she was shocked at the solution, a £40,000 60-metre steel ramp which winds from the front door to the pavement.

They filled the entire yard with it!

This triple gear is a real thing, and thanks to some intricate math and the advent of 3-D printing, it exists. Before this, at least as far as I can tell, a triple-meshed gear required one of the gears to turn in the opposite direction as the other two. That is no longer the case.

I can’t for the life of me imagine what this would be used in, but hey … at least we have it now. Get to designing!

(via henryseg on Shapeways)

From Wikipedia: "English: A large wheeled Assyrian battering ram with an observation turret attacks the collapsing walls of a besieged city, while archers on both sides exchange fire. From the North-West Palace at Nimrud, about 865-860 BC; now in the British Museum."

File:Assyrian battering ram.jpg (Thanks, Justin!)