There is an interesting counterpoint to this in victorian era railway signalling systems.

Now the operator interface for these consisted of banks of levers that worked the signals and points by means of a system of wires running over pullys, visibility from the signalboxes was not always brilliant and especially in fog keeping track of what was where was problematic.
In a fit of absolute genius it was realised that the (mechanical) logic could be implemented so as to prevent a signal being set at green if the segment was occupied and also to prevent the points in an occupied section being moved (this in an age before Turing, you will note). This was clearly a good thing, right?

Well, the signal men protested that sometimes they had to do the unusual and that they were highly experienced professionals (all the usual) and the system was modified so that a special key could be used to override the interlock logic, this key being held by the supervisors office.
So many train crashes over the following few years featured that key, that it ended up being UK practise that any collision between trains that caused a fatailty would automatically result in the signalman being arrested on suspicion of manslaughter.

It is a fine line between stopping the professional applying an override to fix a critical situation and leaving them able to tear the wings off by accident.

Regards, Dan.

Suggesting a potent neutron poison as a component of the alloy strikes me as being a fairly obvious one of those traps, the critical mass for a spherical PU assembly is also quoted differently in different literature (I have not bothered doing the maths to figure out which one is correct for a non reflector based design), but it is pretty much highschool level sums.

Now getting the tamper design right and manufacturing sufficiently homoginous compression charges, not often discussed in the civil literature.

Nuclear terrorism strikes me as a total non starter for all sorts of reasons, not least that tacking a few methyl groups onto some mercury is so much easier (First really nasty simple chemistry that came to mind, ther are plenty of others), and as a terrorist weapon simple CNS toxins on the subway would seem to have much to commend them (A lousy military chemical weapon, but terrorists go for civilian targets generally).

Spend the time worrying either about state actors (Who are not shopping chianese websites), or nutjobs with **SIMPLE** explosive or chemical devices for whom tracking precursors is probably ineffective (Nitric and sulfuric acids are so commonplace industrially that tracking is impossible), those guys need proper police work to catch.

Regards, Dan.

Well yea Gallium can be used to stabilise Pu, it is after all a potent neutron absorber....
This is not a metal you want anywhere near your fissile core.

Kind of cool stuff however, it melts right around body heat, so amusing to play with, but as a nuclear material its major use is preventing big piles of corium from accidents from going critical.

An interesting obsevation about the black market as applied to nuclear matters: If I have some Pu for sale I stand about an 80% chance that any given attempt to close a deal will result in a swat team and men from the intellegence services wanting a word.
The same thing applies if I am a buyer, no effective market can exist under these conditions.
However, given that presumably everyones intel agencies run stings of both types the result must surely be that much of the time you get two intellegence agencies swatting each other....

Now the ready availibility of copper vapour lasers and narrow line width dyes, that might actually be a worry (There is approximately a 0.5nm difference in the photon energy required to ionise U235 compared to U238 as a hexafloride, this is explotable at least in experimental plants), 1950s tech not so much (There are probably easier ways to get there these days).

Regards, Dan.

That could well actually have been the CORRECT thing to do.....

Don't forget that the fire marshalls job is NOT to be concerned about the paticular event, he is being paid to be constantly asking himself "what if a fire breaks out in the next 5 minutes", can we evacuate in time? Separated people and unavailable car keys rate some way down his priorities!

Large buildings (Like convention centers) have a multi tiered structure of occupancy limits, it is in no way as simple as saying the capacity is 20,000 or whatever.

Typically what you find is that the ground floor has direct escape routes and thus can support a lot of bodies, but that there is a rather tighter limit on total occupancy for floors above ground because these are limited (Sometimes severely) by the available exit stair capacity.

Each floor then has a capacity, and each room has a capacity.

Now the kicker is that it is NOT a case that the number within the room is within capacity makes everything ok, but that ALL of the numbers leading to that room have to be ok.

Add to this that the fire marshall will have seen the Station Nightclub / Great White video nasty, and may well even have been involved in pulling the bodies out, and that he is looking at a conference cente with an uncommon fuel load in it, and I can see a fairly hard line being taken.

My guess is that he saw the numbers on the upper floors well above the available exit capacity from the upper floors even while total building occupancy was below the limit and got the numbers back to a safe level the reasonably fast way, not IMHO unreasonable, and no reason to stop more attendes arriving, as long as they stay on the ground floor (And as long as the ground floor is within capacity limits itself).

Sounds to me like blame probably lies with whoever was running the stewards who should have stopped people heading upstairs once the upper floors number was reached (Any, yes, I know stewarding these things is a pain in the arse), and on whoever did the planning for crowd capacity and occupancy failing to take the upper floor numbers into account.

Were there clearly defined show stop and area clearence procedures in place?

Regards, Dan (Who used to do major events professionally (In europe not the US so the terminology probably varies a bit, but the principles are pretty much universal).

The problem with gas turbines is that small ones are not noted for efficiency (It has to do with the engineering tolerences of the compressor blade tip clearance among other things), and the bearings generally dislike the imposed accelerations when a high performance road car turns hard (Extreme gyroscopic loads). An electric drive chain with some secondary storage would however somewhat reduce the problems with horrible throttle response inherent in needing to get the mass flow up in sync with the extra fuel.

In the few hundred KW class petrol (if weight matters) or diesel (if it matters less) is the way to go.

Rover cars experimented with small turbines back in the 60's, unfortunately the problems they found have not gone away.

Regards, Dan.

OpenBTS, some SDR boards, a bulding overlooking the site, total cost maybe $5K or so and a week or so of codesmithing.

The trick is to jam the 3 and 4G services so as to force the phones to fall back on basic GSM with its notoriously broken authentication and crypto. For someone who can afford a handful of Ettus research products this is not a big deal to pull off.

Of course the other trick is to not get caught by the powers that be, unless of course you are the powers that be....

73 Dan.

Yea honeypots can be amusing to run sometimes.
The scary thing is that I suspect that some of them are real, and for a state actor the honeypots are not a big deal!

Exploits are rare for three reasons, firstly there is little profit to be had as a non state actor, no obvious oppertunity to profit in a way that doesn't attract a drone strike, secondly to actually do anything really interesting with these systems requires a level of familiarity with the tools and languages which is rare enough that these systems are seldom the low hanging fruit for script kiddies, thirdly nobody is going to fess up in public to having had their chemical plant hacked, the regulators response would be a nightmare.

Regards, Dan.

Security/convinience tradeoff? You try explaining that to a building contractor sometime!

As to the interfacing, it depends, sometimes it is a direct link to the plc, sometimes the plc talks CAN or RS485 or such to a windows xp box which runs a web gateway... I personally think the first option is likely more secure, especially when the machine in the corner of the plant room is found by the local security guard to be a good place to browse porn sites and download videos on the night shift (It happened, and I bet we were not the first, I found out when we got a phone call from the ISP about something on our network abusing port 25 outbound).

Generally security is not mentioned in the contracts for the installation of this stuff, and is at best an afterthought by non specialist developers, the effectiveness of this is left as an excersize for the reader.

Note also that the support contract with the installer often specifies that no software is to be installed on the user control computer except by their engineers (Who might come out once a year and then forget to do it) and this includes updates for security fixes.

73 Dan.

Because actually it is really very operationally useful, and USEFUL in normal use trumps security EVERY SINGLE TIME.

Consider someting simple like a public building heating control system, this is probably a modest PLC from the usual suspects, now if I am the poor sap in charge of the building systems (Nightmare, been there, done that), and the thing alarms at say 2100 on my day off, I have a choice:
I can go in and clear the (often but not always) unimportant problem, takes me an hour to get there and I was on my way in to see a show when it went off, or I can log in over the internet from my phone, see that the problem is that the number two AHU intake filter is showing high backpressure, clear the alarm and make a mental note to replace the filter next time I am in.
Same thing if the office phone up wanting me to change the setpoint on the air in the art gallery because some conceptual art is made of butter and is tending to melt (I kid you not, really happened).

Remote access to these systems is USEFUL, and nobody considers security until it bites them.

Further plant engineers still think in terms of 'ladder logic' which is essentially logic consisting conceptually of relays and coils and the connections between them, they are not by and large networking folk, and plugging the plc into a port on the external side of the firewall makes everything work where plugging it in inside the firewall makes the remote control not work properly....

Regards, Dan.

Most of these things can be taken to at least a semi manual mode of operation (It might require more people out on the floor manually tweaking things) but I suspect that most of these systems are actually simple enough on a local level that a good tech team with screwdrivers and set of schematics can fairly quickly get the PLCs out of circuit and some switches and pots and meters wired in (Most systems have switches on things like pumps and switchgear labelled along the lines of auto-off-manual already), worst case a laptop, a can card and use canoe or canalyser to talk to the valves and inverters directly.

Doing this does of course then depend upon having enough process engineers who really understand the plant to be able to run it with a board full of switches (and few if any interlocks) rather then letting the computer handle the details, this is probably the real issue as keeping such people on staff is expensive and is the reason you went heavily computerised in the first place. Getting management signoff could also be a problem, boards with billion pound assets like to hire consultants before letting the local on site guy fiddle with the flow rates and heat levels on the refinery heavy oil cracker without any interlocks.

There are of course systems that need the computer support, but even things like power stations (yes, even the nuclear ones) actually do not strictly need it, for all that bringing a set on line without it may require getting some people out of retirement to demonstrate the trick to it, and running without the computers would probably require emergency permission to violate all sorts of regs.

Damaging? Of course.
Disaster? Only if you cannot find the people who can deal with the loss of PLC support or if the attack causes the PLCs to damage the plant before the humans can step in.

The other major issue here is that while the scada controls may be more or less homogenous (Lots off Simens stuff out there) the systems they are controlling are anything but so a broad attack would probably be able to take the automation off line or change set points at random, but you could not easily write an attack to say cause the grid frequency to try to rise to 400hz, because there are far too many variations in the physical connections between the PLCs and the rest of the plants out there.

The scary thought is that it is not an attack on the SCADA running the pumps and power that would be really damaging so much as one of the machines running say the stock exchanges, repairs to some damaged pipes, boilers and transformers might take a few years and cost a few billion, repairs to the confidence in the financial system after some banker has diddled the risk models to ignore the sub prime lending risks.......

Regards, Dan.

At 30C3 someone ran a portscan on the VNC port of the entire IPv4 internet, with 'interesting' results, highlights of which included a swimming pool chemical dosing control system, various power generation and control systems, building environmental control systems, air handlers, all sorts of wild and whacky things, some of them lacking in even the rudiments of passwords never mind proper crypto....

The best one looked to me like a medium voltage distribution cabinet where the setpoints on the overload trips looked like they could be reconfigured from the internet!

Ahh the things you can do in reasonable time with a 100Gb/s of bandwidth, the rsulting slides at the closing event (which is where I ran across it) were very, very scary.

SCADA on the internet is a really, really bad thing.

73 M0HCN. :wq

As the German interior minister Wolfgang Schäuble discovered in 2008 when he got all hot for biometric ID cards, the CCC lifted his prints and published the required data as well as a latex print in a little bag in the magazine... The idea went away.

I would be inclined to believe the CCC in this matter, they have form for calling out over hyped biometrics.

Regards, Dan.

Well many homes already posess a 2.4GHz ISM band field generator, a few minor modification to the door interlock any you have just saved yourself $100.....

The trouble with shrinking this sort of thing is that it moves you from a near field situation, where coupling is largely magnetic, to a far field one where coupling is electromagnetic (Yes I know they both are really electromagnetic, bear with me), and that raises interesting questions of physics, and also of local power density close to the transmitter.

Now, there is also the health physics questions which for a non ionising EM field at 2.4Ghz come down to considering thermal effects. At 2.4Ghz this largely comes down to thermal effects in the skin and other surface layers (2.4GHz is used in microwave ovens for a reason, water has an absorbtion band there), the surface layer that **REALLY** matters in this is the eye! A few watts per square metre power flux density is probably not too much of a problem, much more might be.

I smell a startup about to try for some more funding!

73 M0HCN.

Thats true, but the issue in a cubesat is going to be all about total propellant mass fraction (The fraction of the vehicle mass at launch made of of stuff you can sling out the back at high speed), so while Xe is a better reaction mass if you have the space for the tank, it may well be that in this particular use case the higher storage density (and thus the ability to fit more of it into a tiny tank) actually trumps the heavier ion.

Space propulsion is all about propellant mass fraction and exhaust velocity, as those two numbers define how much delta V you can get out of your available fuel.

The problem with light ions in this situation is that the momentum transferred is simply the product of exhaust mass and exhaust velocity, the energy required to produce that exhaust velocity is 1/2 mv^2, thus a heavier ion travelling more slowly requires less energy input to the accelerator for a given amount of momentum transfer then a light ion moving fast.

However if you have surplus electrical power, and are not too concerned about producing large accelerations (even by ion drive standards), and can solve the corrosion and thermal management problems, it might actually be a reasonable tradeoff.

All space propulsion is tradeoffs between energy/reaction mass/specific impulse/acceleration, there are no really right answers here, and having another validated tool in the box is always going to be useful.

It looks to me more likely the problem was excessive weight at the bow and stern rather then midships, the effect is called hogging and is a known way to snap a container ship (or oil tanker) in half, both have occured in the past.
Basically the keel (The BIG beam running all the way from bow to stern down the bottom of the hull) can only take so much sheer stress and if the weight distribution does not match the localised boyancy implied by the current displacement you can very easily bend the ship.

If and how it came to be loaded that way will be one of the things on the investigators list.

There is of course software used to look at this stuff but it cannot realistically be run on the dock during a very tight turnaround, so the declared weights are used as the only data available in advance of starting loading. Not only does that mess of linear algebra have to give a fully loaded ship with the centre of mass and moment of inertia in the right regions (Important for stability and handling), it must also ensure that the total cargo mass per linear meter is roughly the same as the boyancy of that meter of wetted hull at all times during the loading.

Further shippers will sometimes pay a premium for say not having a can of high value goods put in a corner on top of a stack where it is somewhat more likely to be lost, and some of those cans may be 'reefers' (Refridgerated containers) requiring both power and ventilation to remove waste heat, the problem swiftly becomes complex, doubly so as the ports stacking order also feeds into this if you want loading to go smoothly.

A nasty accident, but nobody died, and the hull and cargo will have been insured, so a better outcome then is sometimes the case.

Hope that explains why it is not just about total weight.