Comment Re:Get real (Score 1) 253

Please tell me you are quickly reading and did not realize the conversation is about steering while on the ground.

There are a lot of steering options on smaller aircraft: differential braking, rudder, differential thrust. On the jumbos almost every one of them uses the nosewheel while taxiing. Every 7*7 series all the way back to the 707 was designed with steerable nosewheels for all major ground turns. Rudder is used to keep straight on takeoffs and landings, whether touching the ground or not.

Comment Re:Obvious answer (Score 5, Informative) 155

And what very very likely is the reason is that the airlines wanted more passenger space so they removed the rear emergency door.

About 180 degrees from reality. More passengers = more emergency doors.

There are international standards on how quickly an aircraft can be completely evacuated in case of an emergency. Evacuation times directly correlate with the ratio of meat bags that need to squeeze out emergency exits to the number of emergency exits. Airlines have great latitude in how interior seating is configured in the aircraft they order. This particular airframe, if the airline wants maximum seating, would need that 'plug' to be a working emergency exit. Alaska Airlines chose to tilt the scales a little bit in favor of passenger comfort and have their aircraft delivered from the factory with fewer seats crammed in. Those fewer seats drop the aircraft to a maximum passenger count low enough that they are not required to have this be a working emergency exit.

Boeing does not want to have different fuselages just for different seat configurations. What they do when an airline orders a plane configured with a low enough maximum passenger count is 'plug' it. Remove the mechanisms that allow for a manual opening. Remove the emergency slide. Skin the inside with a cosmetic panel that makes the interior look like a normal cabin wall. The restraining mechanisms that keep the door from opening in flight are still there. The hinges are still there. It is still a door. It just has no way for someone to try to open it, and four bolts with cotter pins on the nuts are installed to physically keep the door from moving.

Outstanding question is whether those four bolts were just missing or if the cotter pins were missing and the nuts on the bolts vibrated themselves off over time. The fact that two airlines who have ripped open the inside of their planes for inspection have reported either 'loose bolts' or 'loose parts' could be taken as 'bolts are there but the nuts were coming off'.

Comment Re:who let the cost cutting PHB take over boeing? (Score 2) 155

Um... if those are user serviceable parts (Boeing told the airlines to check them; they didn't send out their engineers to check them), why haven't they been checked before?

Because accessing those bolts requires removing two rows of seats, multiple panels, five technicians and between four and eight hours.

Comment Re:the stolen data was freely shared to others... (Score 1) 95

Sometimes. Depends on the sophistication of the bad guy and what signals you are teasing out of the logs.

9394 consecutive login failures for user bob.smith is easy to pick up on. That is a classic brute force. (and one for which your company is going to dissolve before the bad guy blindly guesses the bob.smith password)

Bob.smith had one failed login from one IP and 17 seconds later jen.jones has one failed logon from a different IP and 9 seconds later... Mix those failures in with a thousand legit logins that had a couple dozen legit users fat fingering their passwords. That is a good cred stuffing.

A threat actor worth his salt is rotating IPs, varying time between requests, and making modifications between requests to parameters such as user agent. That said, I have no inside knowledge on this attack. 23 & Me might have succumbed to the crudest and most easily detectable cred stuffing possible and the n00b attacker got lucky they hit a soft target.

Comment revenue buckets (Score 2) 73

I am not an accountant. But I am married to one. One who does not work for Starbucks, but does revenue recognition at the corporate level.

Consumer buys a gift card. That money is not yet revenue as no goods have actually been provided -- just a promise that goods will be provided in the future when the card is redeemed. The money the company got for that card is classified as deferred revenue. Consumer uses the card. Consumer gets their goods. The company accountants then get to move money from the deferred revenue column to the recognized revenue column.

All is well and good until time passes. Years later and the company has a metric boatload of deferred revenue on the books. There is no reason to keep the oldest as deferred. Especially not when you can crunch the data, create some custom actuary style tables and state with confidence (and here I start making numbers up as they will vary business by business) that after five years only 1.3% of unspent gift card value will be used in the next five years. And in the history of the company, only .000008% of gift card value has been used after ten years. You know what, let's move card value older than five years from deferred to recognized revenue.

Is all corporate ledger shuffling. Starbucks moving their older deferred revenue into recognized has zero effect on those actual cards. They are still valid. The consumer can still use them. Is a good thing from the government's point of view that the money is not still sitting as deferred. Under the accrual accounting system that almost all corporations use, the revenue is not taxable until it becomes recognized.

Anyhow, this new group and the news articles their press release has inspired are part of an ongoing campaign. About a year ago, a union backed group, The Strategic Organizing Center, started agitating about gift cards with a focus on Starbucks. Probably because Starbucks has one of the most widely adopted card programs, and thus the largest revenue numbers could be used. They got some press. The press died down. So it looks like a month ago the same folks decided to create a hollow front organization, Washington Consumer Protection Organization, and issued a new press release on the same topic through them. Zero actual individual consumers seem to be associated with the group. Generic website. Zero human names. Pile of fresh social media accounts. Looks like a Potemkin village of a grassroots group.

The ask of this front group tells the true story.

They just want the money that would be shuffled from deferred to recognized to instead be confiscated by the state.

Comment Re:I can't see how they're guilty (Score 3, Insightful) 95

They got hacked by brute force and had *nothing* to protect them against that. They didn't even notice it.

Not guilty of negligence ?

The phrase 'brute force' was not used in the letter sent out by 23 and Me's lawyers. That was an addition by the Tech Crunch reporter.

It was not brute force in the sense that account "bob.smith" had all 7 quadrillion possible eight character passwords tried. Or even every entry in a password list like RockYou. What 23 & Me got was a login attempt for "bob.smith" trying a very very low number of passwords that had been associated with "bob.smith" in previous breaches from other firms. Quite possibly with each attempt coming from a different IP. Or spread out over time. And mixed in with attempts to try known username and password pairs for other user names.

These attacks can be teased out with a lot of analytics, but it is not trivial.
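The two signals described in these posts (one account failing thousands of times versus many accounts each failing once or twice from different IPs within a short span) can be pulled out of an auth log with a small amount of analytics. This is an added illustration, not code from the poster or from 23andMe; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample auth log (not real 23andMe data): "<ts> <user> <ip> <OK|FAIL>".
# Each user fails once, seconds apart, from a different IP (the pattern the post
# describes), with a legitimate fat-finger by alice.w mixed in.
STUFFING_LOG = """\
2023-10-01T10:00:00 alice.w 198.51.100.7 OK
2023-10-01T10:00:05 bob.smith 203.0.113.10 FAIL
2023-10-01T10:00:22 jen.jones 203.0.113.44 FAIL
2023-10-01T10:00:31 carl.d 203.0.113.91 FAIL
2023-10-01T10:00:40 dana.k 203.0.113.12 FAIL
2023-10-01T10:00:45 alice.w 198.51.100.7 FAIL
2023-10-01T10:00:50 alice.w 198.51.100.7 OK
2023-10-01T10:01:02 evan.p 203.0.113.77 FAIL
2023-10-01T10:01:15 fay.r 203.0.113.3 FAIL
"""
# Constructed classic brute force: one account, one IP, a failure every second.
BRUTE_LOG = "\n".join(
    f"2023-10-01T11:00:{s:02d} bob.smith 192.0.2.9 FAIL" for s in range(30))


def parse(text):
    """Return (timestamp, user, ip, success) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result == "OK"))
    return sorted(events)


def classify(events, window=120, bf_threshold=20, min_users=5, max_user_fails=2):
    """Flag brute force (many failures on one account) and credential stuffing
    (many accounts failing only once or twice, from many IPs, inside `window` s).
    Thresholds are assumed values; tune them against the site's own baseline."""
    fails = [e for e in events if not e[3]]
    per_user = Counter(user for _, user, _, _ in fails)
    brute = sorted(u for u, n in per_user.items() if n >= bf_threshold)
    # Sliding window over failures; only low-failure-count accounts are counted,
    # so a brute-forced account does not masquerade as a stuffing run.
    best = (0, 0)
    for i, (t0, _, _, _) in enumerate(fails):
        users, ips = set(), set()
        for ts, user, ip, _ in fails[i:]:
            if (ts - t0).total_seconds() > window:
                break
            if per_user[user] <= max_user_fails:
                users.add(user)
                ips.add(ip)
        best = max(best, (len(users), len(ips)))
    stuffing = best[0] >= min_users and best[1] >= min_users
    return {"brute_force": brute, "credential_stuffing": stuffing,
            "window_users": best[0], "window_ips": best[1]}
```

A run spread out over hours, as the post says a careful actor would do, slips under a fixed window; catching that needs the distinct-user failure rate compared against the site's normal fat-finger baseline rather than a single cutoff.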

Comment Re:They can't place blame on peoples bad habbits? (Score 1) 95

Yep, but do you believe that the entire problem is the users' password hygiene? They could have made sure to rotate passwords, force MFA, and other measures, including IP locking / geotagging, but didn't.

Unfortunately then the user experience is compromised and your users either leave or start complaining.

Password rotation I loathe. IMO all it does for the vast majority of users is encourage simple passwords with predictable rotating portions that are trivial for a malicious actor to exploit. s/^(winter|spring|summer|fall)(19|20)\d{2}$/spring2024/ There. My wordlist for passwords has now been updated. Not that I have a solution to get users to pick cryptographically strong *unique* passwords for each site. I can lead a user to a password vault, but I can't make them use it.

IP Locking? Guessing that is a reference to blocking IPs that are attempting too many logins to a number of different accounts. Old school the argument against was shared services and VPNs -- going to be blocking too many legit users. Still valid, but with the additional pain that any malicious actor worth his salt is going to be rotating IPs. Too many precanned tools and services now that enable even low skilled attackers to come at a target with unique IPs on every request.

Geotagging is a customer service nightmare in many implementations. Too many roaming people with mobile devices and VPNs and proxies and shitactularly nonupdated IP allocation tables. You can go partway though. Don't block when someone shows up from a potentially new location, but make that a mandatory two factor instance. Still going to leave a lot of users cranky.

Pretty much that is what it boils down to. You can make your users cranky, lower your engagement and keep saying it is for security. Few will be soothed with that claim and often the gain in security is marginal. Or you can keep it easy for your users, take a short term PR hit if breached and payout a bit of money to the users who get litigious after the breach. Is a tightrope and someone is going to be cranky either way.

Comment Re:the stolen data was freely shared to others... (Score 2) 95

It was brute forcing in the sense that the malicious actor had username/password pairs but did not know if any of these pairs were valid on 23 and Me. The brute forcing was trying every pair to see which ones were valid and which ones then did not hit an MFA wall. At least that is the general implication of 'cred stuffing' being used in the article.

Comment Re:They can't place blame on peoples bad habbits? (Score 4, Informative) 95

23andMe is not innocent, but they do bring up a good argument, IMO, if you reused a password how can you blame them? Good password hygiene is to never reuse password, and to use password managers that generate them for you. On top of that, does 23andMe support MFA? If they do, did you turn it on?

Since 2019, 23andMe customers have had the option to utilize authenticator app 2-factor authentication, which adds an extra layer of security to their account. Starting today, we are requiring all customers use a second step of verification to sign into their account.

^ from a November 6, 2023 notice.

Comment Re:Stop with the negative waves? (Score 3, Interesting) 125

The biggest innovation here is that they took the old Soviet concept of lots of small rocket motors and made it work. The Soviets cancelled the project before it could be made to work, as even the US had lost interest in the Moon by then, and landing Soviets on it was no longer seen as terribly important.

Those Raptors are not so small. Only in comparison to the absolutely beastly size of Super Heavy and Starship could they have that appellation. In terms of thrust they are probably around the 4th most powerful liquid fueled engine to ever fly, behind a couple Soviet/Russian beasts and the Saturn's famous F1s. Gets a bit fuzzy when some sources will quote the best thrust ever achieved on a test stand, some the expected highest thrust during regular operations, some stick to the main production models, some the projected numbers from a planned next gen for an existing engine...is a mess. But yeah, the shuttle/SLS main engines are in the same ballpark. Ditto for Blue Origin's BE-4 when those actually lift off. (and they are also behind some engines that never made it off test stands and a wide variety of solid fuel engines)

Comment Re:I call it a success (Score 2) 125

It made it to orbit - unless you and the other fans re-defined "Outer space" Literally.

It did not make it to orbit.

Congratulations, Starship has done what others have been doing since the 1950's.

Who have been launching welded stainless steel hot staging rockets pushing seventeen million foot pounds of force via full flow methalox engines since the fifties? Or ever? Yes, humans have been putting things into orbit for seventy years, but there is an awful lot of totally new, the most, or never in this combination going on here.

Comment Re: I call it a success (Score 4, Insightful) 125

Tough call on biggest win. Pad looking mostly intact is certainly huge. I am more pleased with what appeared to be all 33 engines on the booster staying lit the entire flight. I don't think they have even had a static fire with all 33 staying lit so far. Big jump in reliability.

And what appears to be solid self destructs will very much be up the FAA's list of wins. Should shorten this mishap review as compared with the previous. :)

Comment Re:Hackers Turn Compliance Officers (Score 2) 32

Or maybe they'll start offering cybersecurity consulting services - 'We hacked your network, and for a modest fee, we'll tell you how we did it.'

Some are already there. While I work in cybersecurity, I enjoy sleeping so do not touch IR with a 10 foot pole. Some of my friends who do specialize in this space tell tales of working hand in hand with ransomware consultants and help desk staff to bring victims who paid back online in a secure manner. Direct quote from one: They have turned into security consultancies with very aggressive sales departments.

Comment Re:Why not send it back to earth to burn up (Score 1) 63

The Echostar fleet of satellites are up in geostationary orbit (GSO) which is way way higher than low earth orbit (LEO). LEO takes a relatively small change in velocity to alter the orbit to the point where atmospheric drag has increased enough to finish the deorbit in a short period of time. So of all the things you can do with a satellite in LEO at end of life, that is the general approach. Up at GSO, all the low delta v options result in risky and long term orbits to get back into the atmosphere. The fast deorbit burn would take so much propellant you might as well not have launched in the first place. So the general approach is an easy little burn to boost it a bit higher into graveyard orbits where nothing functional is at.

Comment Re:1st parking ticket in space (Score 2) 63

The last bit of tracked debris from the target satellite (Solwind/P78-1) came down a bit shy of nineteen years after the antisatellite test. I guess depending on how you work your plurals that could be decades with an s on the end.

Its debris field also led to a pretty cool graph on page five of this document: https://orbitaldebris.jsc.nasa...

Love the correlation between solar activity and deorbiting. Sun output goes up. Atmosphere goes up. Drag goes up. Manmade bits go down.
