
Comment: Continuous competition = best (Score 1) 123

by garyebickford (#47873437) Attached to: SpaceX and Boeing Battle For US Manned Spaceflight Contracts

I'd like to see both awarded a minimum number of flights (say 1/4 or 1/3 of total planned) at a fixed maximum price, and the price of all additional flights negotiated down from that maximum price, relatively close to the date when the hardware has to be built - say a year before flight. This would also leave an opening for other competitors to come in later. It would probably be beneficial to allocate in lots of, say, three or four up to 10 at a time. I would also require all vendors / vehicles to use the same interfaces - mount points, power, fluid, and data connections, etc. so any vehicle could be swapped out for any other on short notice. Of course, some vehicles are going to have to have special equipment, but that could also be handled using a modular system.

The net result of this would be a continuing reduction in the design, manufacturing, and launch costs, as more components become commoditized to fit all vehicles - all vehicle vendors will benefit. Soon any launch vehicle could be used to launch any 'standard' vehicle. The result of this would be an increase in the economic feasibility of space launches for both NASA and others private and public, making the market larger. Outcome: boom in space development. Boeing and SpaceX would both benefit from this approach in the long term, and possibly others as well. The key to economic space development is just this kind of commoditization, repeatability and increased reliability that long production runs with continuing improvements can provide.

Comment: Should have used the Kaje Password service! (Score 0) 107

by garyebickford (#47805639) Attached to: Hackers Behind Biggest-Ever Password Theft Begin Attacks

[shameless plug, but apropos] - my company's Kaje Picture Passwords for the Web would have prevented these attacks almost completely. (I say "almost" because, well, "never say never".) We published a press release about this two weeks ago: Bright Plaza offers “Kaje” Website Security Solution to Russian Hacker Password Breach. Using Kaje, the password is no longer stored on the website so these breaches could not have exposed the passwords. Kaje never knows anything about the user other than the anonymous ID sent by the website.

Had all those websites been using Kaje, these breaches would not have resulted in the huge potential liability and recovery costs that so many businesses will be facing. From Sony a few years ago to Target and EBay recently, and now this Russian thing, password breaches are causing billions of dollars in damages, often borne by website owners - in some cases thousands of dollars per user. Health care and financial services websites are particularly subject to financial penalties from regulatory bodies as well as civil litigation. In comparison, the Kaje service costs fractions of a cent per use for large users.

A Picture Password, which was demonstrated to be easier to use and more secure than text passwords by NIST as early as 2003 (using an earlier, less secure methodology), is more difficult to crack as well as resistant to man-in-the-middle attacks. The Kaje service has an HTTPS RESTful API, is compatible with OpenID, SAML, and other SSO systems, and plugins are available for Drupal and WordPress with others coming soon. Using Kaje basically requires SSL, one or two additional columns for the anonymous ID sent to Kaje by the website. The first 10,000 uses are free, so smaller websites can use it for years without paying anything, while larger ones can try it out, do testing and prototyping with no cost or obligation.

If anyone is interested, check out Kaje or contact me through the website. We're looking for both website (customers) and web services (hosting, CMS vendors, developers), who can apply to be Kaje Affiliates and receive a commission from us by offering discounts to their customers.

Comment: NSA was collecting data in the 1960s (Score 5, Interesting) 180

by garyebickford (#47780641) Attached to: The Executive Order That Led To Mass Spying, As Told By NSA Alumni

A friend of my sister's worked for NSA for eight years in the 1960s. At that time the fact of its existence was classified - insiders said the acronym stood for "No Such Agency". He spent most of those eight years in a shack on a hill in Japan, listening and recording phone calls and telegraphs in and out of Japan. He came out of those eight years imbued with an extreme level of paranoia that he never did shake off. It cost him his marriage among other things.

So 1981 wasn't the beginning. I would be more likely to think that the directive in question was created to paper over and legalize what had been going on for decades before. The agency was founded by Harry Truman in 1952 based on signals intelligence units from WWI, per Wikipedia. I saw an article recently which asserted that spying on foreign (and some domestic) entities really came out of the period before and after World War I, and it made sense.

Having said all that, I recently learned that the NSA is not just "spooks peeking into our bedrooms" and getting everyone upset. That is just one of three branches.

- Signals Intelligence Directorate is the one that has been upsetting people, and may in fact be as crazy as people think they are;

- Information Assurance Directorate one might consider the "good guys" - they are working with US industry and agencies to prevent security breaches - one might consider this the "anti-spy" group, and you'll see guys from IAD at conferences regarding improvement of the security infrastructure of the net, to prevent spying and other problems. By all accounts the Information Assurance Directorate is working very hard to protect us, and has had some successes preventing or stopping serious hacking and other incidents against both public and private organizations in recent years that they, of course, can't ever tell anyone.

- Technical Directorate, which I assume is the people inventing the HW and SW the rest of the gang uses.

TL;DR - don't paint the whole of NSA with the same tar and feathers. Some, at least, are out there actively helping with things like Tor as we read recently - spy agencies including NSA have regularly helped Tor find and fix bugs, even while other groups in the same agency are trying to exploit them.

Comment: Re:cars with an oil change light that needs a code (Score 1) 273

by garyebickford (#47616265) Attached to: Hack an Oscilloscope, Get a DMCA Take-Down Notice From Tektronix

In Massachusetts, the State (IIRC) took Toyota to court to require them to release the codes to independent mechanics so they could fix the cars and do warranty work. I think the State won, but I'm not sure, and it was tied pretty closely to existing MA law.

Comment: Re:A comment from the linked site: (Score 1) 273

by garyebickford (#47616249) Attached to: Hack an Oscilloscope, Get a DMCA Take-Down Notice From Tektronix

Would a password, or an item code that had to be entered in an instruction, such as "Enter 'F2-ABC' to select the proper module" - would the use of "F2-ABC" be a violation? IDK. It might even be trademarked, and trademarks never expire as long as they are maintained.

Comment: Re:A comment from the linked site: (Score 2) 273

by garyebickford (#47616221) Attached to: Hack an Oscilloscope, Get a DMCA Take-Down Notice From Tektronix

An older example: Back in the day, IBM sold two card punch/readers, IIRC the 620 and 630. One was much faster and more expensive than the other. According to what I was told back then, the difference was that the slower cheaper one had an extra circuit board that slowed it down. Remove the extra, and voila! faster - plus loss of warranty, no field service, etc. of course.

It's quite common on most cars to have a single wiring harness that includes all the plugs for the extra features, possibly for all models of the car. E.g. you might even fit wiring for a station wagon feature in a sedan. This allows a single inventory item to cover all versions of the car (i.e. cheaper), simplifies documentation, and avoids problems with the wrong harness being used, shipped for a car repair, etc. It would also be either impossible or overly expensive for dealers to install dealer add-ons otherwise. The cost of the wire and connectors is so low as to be in the noise.

Comment: Re:B-b-but the thousand monkeys?!! (Score 1) 168

by garyebickford (#47486375) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

Everybody picks on PHP. Like every language it's not perfect, by far. But by several orders of magnitude (my estimate), the vast majority of all vulnerabilities regardless of operating system have directly resulted from design flaws in C (and C++) - buffer overflows, pointer issues, assignment instead of evaluation in conditionals due to missing equals, etc. Even many/most of the vulnerabilities in PHP have been the result of these same C design flaws. While _some_ of those flaws can be argued to be necessary for writing at the bare metal level - device drivers and such, they are completely unnecessary for application programming.

The standard counter argument is that "C programmers (must) learn better programming habits, and deal with those things." To which I merely append, "Some ..." and note that many of these bugs have demonstrably been put there by highly skilled, experienced developers who know better, but just forgot "this one particular time."

It's enough to make one yearn for Haskell, or Erlang, or something. :D

Comment: Re:The crackpot cosmology "theory" Du Jour (Score 1) 214

by garyebickford (#47481787) Attached to: Cosmologists Show Negative Mass Could Exist In Our Universe

There are lots of plausible reasons for the apparent lack of evidence regarding life intelligent or otherwise, which have been bandied about by many people. Just for starters, maybe we're the first intelligent life. But I wasn't arguing that point. Regardless of these questions or arguments, they are not 'evidence' about warp drive. That's all I'm saying. :)

Comment: Re:Ok, but the thing is ... (Score 1) 214

by garyebickford (#47478555) Attached to: Cosmologists Show Negative Mass Could Exist In Our Universe

mc^2 + (-m)c^2 = 0

OK, here I go on a wild toot. What if c^2 is negative? I.e. the "speed of light" is a complex number, or a pair of numbers, one of which is real and the other is imaginary? Then we might have c and c^2, and we can define the imaginary C=ic and C^2 = i^2c^2. This is different than the topic of negative mass, of course. I think I just boggled myself.

Comment: Re:The crackpot cosmology "theory" Du Jour (Score 1) 214

by garyebickford (#47478455) Attached to: Cosmologists Show Negative Mass Could Exist In Our Universe

"Occam's Razor states that your personal theory that isn't testable is automatically false and invalid. The theory in the article that is testable may be right or wrong but we won't know until testing it."

Actually, no. Occam's Razor (as others have noted) is more or less about choosing the simplest theory that fits the facts. Falsifiability is about whether a theory is testable or not.

I'll just add this irrelevant point: any theory that concerns the Universe as a whole, viewed as a system from outside, is inherently unfalsifiable, even though it may be true. I can say, "the Universe is blue, viewed from outside", and there is no way to prove that, so far.
