F-35 software overrun with bugs, DoD testing chief warns

Director of OT&E also worried about lack of security testing on critical maintenance software.

The Air Force, Navy and Marines will be patching F-35 software bugs for years after they take delivery (if they're lucky). (credit: Dan Stijovich @ Flickr)

The F-35's flight plan appears to have delays written all over it. A previously unreleased memo from Michael Gilmore, the Department of Defense's director for Operational Test and Evaluation (OT&E), details a list of problems that will likely hold up the testing of the final configuration of the aircraft—and will mean the "Block 2B" aircraft now being delivered to the Marine Corps soon will continue to be full of software bugs for years to come. But officials with the F-35's Joint Program Office (JPO) have downplayed the seriousness of Gilmore's concerns, with one military member of the office taking to the Facebook page of a defense publication to call the memo "whining."

The concerns center largely on testing of software components—many of which the JPO has deferred to keep the program close to its schedule, and which JPO leadership has suggested would be a waste of time and money to fix now—since they are in interim releases of the F-35's systems and an entirely new set of software will be completed for the final version of the F-35. But with the Marine Corps and Air Force scheduled to fly as many as five F-35A and F-35B aircraft at the Farnborough International Air Show this summer, and production of the aircraft ramping up, so much uncertainty about the software could lead to even more complications down the road—particularly as weapons systems are added to the aircraft.

"The current 'official schedule' to complete full development and testing of all Block 3F capabilities by July 31, 2017 is not realistic," Gilmore wrote in the memo, dated December, which was first obtained by Aviation Week. Making that schedule would require dropping "a significant number of currently planned test points, tripling the rate at which weapons delivery events have historically been conducted, and deferring resolution of significant operational deficiencies to Block 4"—a software upgrade the aircraft won't see until at least 2021.

A new open source cloud management tool… from Walmart

Walmart Labs pushes OneOps tool for managing multiple cloud platforms to GitHub.

Now available on GitHub, the guts of Walmart's cloud application OneOps. (credit: @Walmartlabs)

If you want evidence of just how different Internet retail and brick-and-mortar retail are, you just have to look at what's going on with the world's largest retailer. In the same week that Walmart announced the closing of over 100 physical stores, the company's e-commerce unit announced that it is releasing a piece of its cloud-management infrastructure as open source—publishing the OneOps platform on GitHub. The company's internal e-commerce development unit, @Walmartlabs, has released OneOps under the Apache 2.0 license.

OneOps is a tool built around the philosophy of DevOps—a "cloud management and application lifecycle management platform," as Walmart Chief Technology Officer Jeremy King described it in a blog post. That places it in the same space as tools like Chef, Puppet, Ansible, and Amazon Web Services' Elastic Beanstalk but with some specific differences that have driven its development and adoption at Walmart.

OneOps works with any public, private, or hybrid cloud that uses the OpenStack cloud environment (including CenturyLink and Rackspace), as well as Microsoft Azure and Amazon Web Services. It can automatically configure, repair, and scale up applications across multiple cloud providers. Like other tools, it also automates the creation of virtual machine instances for developers, handling security settings and other image configuration tasks. But it can also move applications from one cloud to another on a user's command as lower costs, better availability, available bandwidth, security, capacity, or other technological advantages dictate.

VMware Fusion, Workstation team culled in company restructure

Company says it’s just “transitioning” as part of reorganization, products will be supported.

(credit: Ferran Rodenas)

Members of VMware's "Hosted UI" team—the developers responsible for the virtualization company's Workstation and Fusion desktop products—were apparently laid off on Monday as part of a restructuring of the company that was announced yesterday. The developers were just a part of a larger layoff as the company moved to cut costs and brought aboard a new chief financial officer.

"VMware… announced a restructuring and realignment of approximately 800 roles," a company spokesperson said in a press release Monday, "and plans to take a GAAP charge estimated to be between $55 million and $65 million related to this action over the course of the first half of 2016. The company plans to reinvest the associated savings in field, technical and support resources associated with growth products."

In a blog post, Christian Hammond, a former member of the Hosted UI team, reported the layoff, along with concerns about the future of the "award winning and profitable" desktop virtualization products. "VMware lost a lot of amazing people, and will be feeling that for some time to come, once they realize what they’ve done," Hammond wrote. "It’s a shame. As for our team, well, I think everyone will do just fine. Some of the best companies in the Silicon Valley are full of ex-VMware members, many former Hosted UI, who would probably welcome the chance to work with their teammates again."

Air Force 2014 “bent spear” nuke mishap overlooked in nuclear force review

Minuteman III had $1.8 million in damage, but at least it didn’t blow up.

Don't drop a wrench, man: airmen perform maintenance on a Minuteman III missile. (credit: US Air Force)

You'll be relieved to know that the public was never put in danger by a nuclear weapons incident that caused $1.8 million in damages to a Minuteman III missile in Colorado. But the accident, which happened in May of 2014, initially went unreported by the US Air Force even as a team of experts reviewed the service's nuclear forces in the wake of a testing scandal and security failures.

The Associated Press received what it called "the first substantive description of the accident" last Friday following more than a year of requests to the Air Force.

Details of the incident have been kept secret by the Air Force because of their sensitive nature, but we now know the situation rendered an intercontinental ballistic missile inoperable. Three airmen were trying to troubleshoot the missile after it failed a diagnostic test and had become "non-operational." Ultimately, the accident would likely have been categorized as a "Bent Spear" event, the code used by the military for damaged weapons (as opposed to "Broken Arrow," the code for an accidental nuclear detonation or other weapons incident in peacetime).

Defense Department seeks to bring back anti-ballistic missile lasers—on drones

Drone missile zappers could get closer to launch sites, fly higher.

The YAL-1 Airborne Laser platform showed lasers could blow up missiles during boost phase. But it was way too big, too expensive, and had to get too close to launch sites. Drones could solve all three problems, the Missile Defense Agency's chief believes.

The Missile Defense Agency is giving a second look at the idea of airborne lasers as a defense against ballistic missiles. But this time, instead of using giant chemical lasers carried by enormous crewed aircraft, the MDA is hoping that solid-state lasers will soon be up to the job—and that they will be able to be carried by drones.

Over a decade ago, the US Air Force mounted a megawatt laser on a 747 as part of an effort to develop a flying weapon to shoot down ballistic missiles as they launch. The Airborne Laser Laboratory (ABL) had several successful tests, but then-Secretary of Defense Robert Gates cancelled the program in 2011 because of both its expense and impracticality.

"The reality is that you would need a laser something like 20 to 30 times more powerful than the chemical laser in the plane right now to be able to get any distance from the launch site to fire," Gates said in a House Appropriations committee hearing in 2009. To shoot down an Iranian ballistic missile, he argued, "the ABL would have to orbit inside the borders of Iran in order to be able to try and use its laser to shoot down that missile in the boost phase. And if you were to operationalize this, you would be looking at 10 to 20 747s, at a billion and a half dollars apiece, and $100 million a year to operate. And there's nobody in uniform that I know who believes that this is a workable concept."

Pkware aims to take pain out of crypto (and give IT the golden key)

Desktop, mobile app has key management for companies afraid of data “going dark.”

One of the reasons that most people don't use public key encryption to protect their e-mails is that the process is simply too arduous for everyday communications. Open-source projects like GNU Privacy Guard and GPGTools have made it easier for individuals to use PGP encryption, but managing the keys used in OpenPGP and other public-key encryption formats still requires effort. And it's even more of a challenge when you want to read encrypted messages on your phone. If you're a company that has concerns about things like compliance and data loss, doing crypto without having some sort of key management can also create all sorts of risks.

For many, a perfect world would be one where crypto tools would handle everything, data would be encrypted on every type of system with whatever encryption type was required, and no one would have to worry about crypto management when it's time for an audit or when lawyers need to do digital discovery.

That's the idea behind Pkware's just-announced Smartcrypt, a software platform that covers everything from mainframes to mobile devices. Smartcrypt lets organizations decide what kind of encryption and authentication they want to use, and it integrates into many common applications. And of course, it can also leverage the .ZIP format to compress encrypted data at rest and in attachments. Ars got an advance walkthrough of Smartcrypt from Matt Little, Pkware's vice president of product development, and we'll be conducting a full review in the near future.

Snark attack: Cornell students teach software to detect sarcasm!

Open source sarcasm detection helps save the world by eliminating snarky app reviews.

We are shocked that anyone would ever use sarcasm in a review of Kim Kardashian's app. (credit: TrueRatr)

A team of students participating in Cornell University's Tech Challenge program has developed a machine learning application that attempts to break the final frontier in language processing—identifying sarcasm. This could change everything… maybe.

TrueRatr, a collaboration between Cornell Tech and Bloomberg, is intended to screen out sarcasm in product reviews. But the technology has been open sourced (and posted to GitHub) so that others can modify it to deal with other types of text-based eye-rolling.

Christopher Hong of Bloomberg acted as mentor to the interdisciplinary student team behind TrueRatr (consisting of MBA candidates, engineering, and design graduate students)—Mengjue Wang, Ming Chen, Hesed Kim, Brendan Ritter, Shreyas Kulkarni, and Karan Bir. Hong had researched sarcasm detection himself while working on his 2014 master's thesis. "Everyone uses sarcasm at some point," Hong told Ars. "Most of the time, there's some intent of harm, but sometimes it's the opposite. It’s kind of part of our nature."

US Intelligence director’s personal e-mail, phone hacked

“Crackas With Attitude”: we routed Clapper’s calls to Free Palestine Movement.

Director of National Intelligence James Clapper (far right) with CIA director John Brennan (center) and FBI director James Comey (left) before Congress last year. Clapper and Brennan have both now been targeted by hackers calling themselves "Crackas With Attitude". (Photo by Chip Somodevilla/Getty Images)

The same individual or group claiming to be behind a recent breach of the personal e-mail account of CIA Director John Brennan now claims to be behind the hijacking of the accounts of Director of National Intelligence James Clapper. The Office of the Director of National Intelligence confirmed to Motherboard that Clapper was targeted and that the case has been forwarded to law enforcement.

Someone going by the moniker "Cracka," claiming to be with a group of "teenage hackers" called "Crackas With Attitude," told Motherboard's Lorenzo Franceschi-Bicchierai that he had gained access to Clapper's Verizon FiOS account and changed the settings for his phone service to forward all calls to the Free Palestine Movement. Cracka also claimed to have gained access to Clapper's personal e-mail account and his wife's Yahoo account.

In October, Crackas With Attitude claimed responsibility for hacking CIA Director Brennan's personal e-mail account and gaining access to a number of work-related documents he had sent through it—including his application for a security clearance and credentials. The group also apparently gained access to a number of government web portals and applications, including the Joint Automated Booking System (a portal that provides law enforcement with data on any person's arrest records, regardless of whether the cases are ordered sealed by courts) and government employee personnel records. The group published a spreadsheet of personal contact details for over 2,000 government officials. The Twitter account used to post the information was suspended shortly afterward.

DARPA picks Northrop Grumman to build “tail-sitter” Navy strike drone prototype

TERN “flying wing” would launch and land vertically on smaller ships’ flight deck.

Back in the 1950s, the US Navy was looking for a way to give destroyers and frigates an effective way to take on enemy air attacks—a sort of "first responder" aircraft that could take to the skies to hold off hostile aircraft until carrier-based fighters arrived and give those ships the ability to strike over the horizon at enemy ships. The answer they came up with was a "tail-sitter" propeller fighter aircraft that took off like a helicopter and transitioned into winged flight.

While several experimental aircraft were developed, including the General Dynamics Convair XFY-1 "Pogo" and the Lockheed XFV-1 (also known as the "Salmon"), these aircraft with counter-rotating propellers were never deployed—mostly because they couldn't match the airspeed of the jet aircraft they would likely face in combat, and the Navy was afraid pilots wouldn't be able to handle the complexities of landing the things on a small, pitching deck. The Navy instead focused on missile defenses and carrier battle group tactics, and they depended on helicopters to provide smaller ships with the ability to reach out further—to strike at submarines, provide gun spotting, and (with the MH-60 Sea Hawk helicopter) shoot up less robustly-defended targets on the ground and on the sea.

Say “Cyber” again—Ars cringes through CSI: Cyber

CBS endangered cyber-procedural: Plane hacking! Software defined radio! White noise! OMG!

This is what cyber looks like. (credit: CSI: Cyber / CBS)

There are lots of cringeworthy technology moments on television, especially when the words "hacking" and "cyber" are introduced into the plot. But of all the broadcast and cable networks, CBS is the biggest purveyor of techno-idiocy, proving again and again that none of the producers behind its stable of pseudo-procedural dramas has a clue about how anything on that crazy thing called the Internet works. NCIS set the benchmark with its two-people-on-one-keyboard-to-out-hack-a-hacker scene, but then the network doubled down and launched CSI: Cyber, which returned last night.

The future of Cyber is currently in doubt. CBS has pulled its timeslot to make room for a midseason replacement, so there may well be only a few more opportunities for the latest CSI franchise to cyber-scare network viewers with plots loosely based on something producers read about on Yahoo Answers. OK, to be fair, Cyber's writers are at least occasionally inspired by actual vulnerabilities that have been ripped from the headlines. It's just often these headlines are several years old.

Throughout its run thus far, the show has offered hat-tips to real security researchers. An episode late last year involved a "jackpotting" hack of ATMs at "Barnaby Bank," named for a security researcher who demonstrated that vulnerability—Barnaby Jack. Jack would afterward serve as director of embedded device security research at IOActive until his death in 2013. But the road to entertainment hell is paved with good intentions.
