Slashdot Mirror

Of course NIST gives Imperial to Metric conversions. http://physics.nist.gov/Pubs/SP811/appenB.html

Strangely, though an inch is defined as 2.54 cm, they open the web page by indicating that a meter is approximately 39 1/2 inches. No, I'm not implying they mean 39 (1/2 inches) [or 19.5 in] -- rather that they approximate poorly. 39.37 does not equal 39.5 inches (even if NIST, the US National Institute of Standards and Technology, says so.)

They probably should have said "aproximately 39 1/3" inches, which would have been closer. But I think "approximately 39 1/2" is "good enough for government work."

Maybe they should have checked with the National Bureau of Standards (NBS), who set the standards for measurement. Oh wait, that's who they used to be! If even they can't get it right, we're screwed.

Strangely, though an inch is defined as 2.54 cm, they open the web page by indicating that a meter is approximately 39 1/2 inches. No, I'm not implying they mean 39 (1/2 inches) [or 19.5 in] -- rather that they approximate poorly. 39.37 does not equal 39.5 inches (even if NIST, the US National Institute of Standards and Technology, says so.)

They probably should have said "aproximately 39 1/3" inches, which would have been closer. But I think "approximately 39 1/2" is "good enough for government work."

Maybe they should have checked with the National Bureau of Standards (NBS), who set the standards for measurement. Oh wait, that's who they used to be! If even they can't get it right, we're screwed.

Strangely, though an inch is defined as 2.54 cm, they open the web page by indicating that a meter is approximately 39 1/2 inches. No, I'm not implying they mean 39 (1/2 inches) [or 19.5 in]--rather that they approximate poorly. 39.37 does not equal 39.5 inches (even if NIST, the US National Institute of Standards and Technology, says so.)

Bizarre!

Convert all industry and govt. agencies to the metric system

Change the paper standard to A series. i.e. 8 1/2" x 11" to A4

Change Month/Day/Year to Day/Month/Year on all forms and databases.

Use only open source software in all govt. agencies.

Invest much more research and support renewable energy

Invade countries that drive on the wrong side of the road and bring those evil doers to justice.

My policies will create jobs for the thousands of unemployed programmers sitting idle since the Millennium bug scare and allow our fellow Americans to drive anywhere around the world, without the fear of driving into on coming traffic.

"NIST Reference on Constants, Units, and Uncertainty " clearly show the SI as being their standard units of measure.
here's also the entry on wikipedia about the SI
And also, the metric system is easy to understand, when you know that 1 liter of water = 1 dm^3 = 1kg, you can easily convert between things.

We do. You're misinformed.

• In 1866, Congress authorized the use of the metric system in the USA and supplied each state with a set of standard metric weights and measures. The US is one of the original 17 signatory nations of the 1875 Treaty of the Meter.
• In 1893, the metric system was adopted as the fundamental standard for length and mass in the United States.
• Congress passed the Metric Conversion Act of 1975, "to coordinate and plan the increasing use of the metric system in the United States", and a process of voluntary conversion was initiated.
• Congress passed the Omnibus Trade and Competitiveness Act of 1988 which amended the Metric Conversion Act of 1975 and designates the metric system as the preferred system of weights and measures for United States trade and commerce.
• Federal agencies were to use the metric system in their procurement, grants and other business-related activities by the end of 1992.

You make it sound like in the US we are banned to use the metric system. The US was one of the countries that originally signed onto the treaty establishing the meter.
All science in the US is taught in metric, and most companies use either metric, or metric and imperial. Also all weights and measures for the federal goverment are required to be in metric.
The imperial system is used mostly by average joe for daily things where measurement system is trivial. Driving distances, outdoor temperature (which is much better described in F than in C), and people's weight.

We do use the metric system, you're just very naive:

• In 1866, Congress authorized the use of the metric system in the USA and supplied each state with a set of standard metric weights and measures.
• The US is one of the original 17 signatory nations of the 1875 Treaty of the Meter.
• In 1893, the metric system was adopted as the fundamental standard for length and mass in the United States.
• Congress passed the Metric Conversion Act of 1975, "to coordinate and plan the increasing use of the metric system in the United States", and a process of voluntary conversion was initiated.
• Congress passed the Omnibus Trade and Competitiveness Act of 1988 which amended the Metric Conversion Act of 1975 and designates the metric system as the preferred system of weights and measures for United States trade and commerce.
• Federal agencies were to use the metric system in their procurement, grants and other business-related activities by the end of 1992

Personally, I don't see how my use of kilograms to purchase olive loaf at the corner deli is going to benefit you any.

Very roughly, an optimization problem that can be solved in polynomial time on a nondeterministic Turing machine. NP-hard problems are believed (but not proven) to take greater than polynomial (but still finite!) time on deterministic computers. There are often approximation algorithms that get near-optimal solutions quickly, probabilistically, or for constrained classes of input. The mesh algorithm here appears to be an approximation algorithm.

Or Google for it: here's an answer

They've demangled "mbs" and "mps." Now if they could only add the requisite nonbreaking space(7.2) between the number and units and capitalize the "M" to represent 1e6 we'd be set.

Michael.

It's also amazing that a poster to Slashdot, and the particular front page editor, hasn't managed to learn the SI unit prefixes (which I know was your point).

The article claims that "a Cabinet-level federal agency released a software product under the GPL, making it the first tool of its kind to be licensed by the US government free of charge to public and private sector organizations."

The National Institute of Standards and Technology, part of the Department of Commerce, regularly makes its software available to all comers. The software I know about does not use the GPL, but that doesn't mean it isn't free of charge. In fact, NIST does the GPL one better, because a lot of their free software comes with the phone number of the people who wrote it, and hence free tech support.

I don't know if this is part of the DOC mission, or just the culture that pervades NIST, but I do know that the people there I have dealt with view the public release of their software as a direct consequence of developing it on the public's dime.

Known as 'big-O' notation, it's a way of describing the efficiency of an algorithm. A quick google search for 'big o notation' led to this page which has a fairly clear explaination, provided your maths isn't too rusty.

Basically it's an expression of how much computation is required to execute an algorithm on a problem of size n.

O(n^2) indicates that the amount of computation required to execute the algorithm is of the order of n squared. That it, if you double the size of a problem, it will take the algorithm appropximately four times the amount of computation to solve.

O(n log n) indicates that the amount of computation required to execute the algorithm is of the order of n times the logarithm of n.

O(1) indicates that the amount of computation required to execute the algorithm is fixed and is independent of n.

If you look at how these different functions 'blow up' as n increases, you can see that for large problems we ideally look to use O(1) and O(log n) algorithms. O(n), O(n log n) and O(n^2) algorithms have significant scaleability issues and generally should only be used for problems where there is no practical alternative, where you can be sure that n will never be large enough to cause problems due to excessive computation.

What I want to see is the results from the one of the "other standard tests" the article alludes to: field strength measurements. These can be compared to the known performance of a standard 1/4 wave monopole. That is what will convince me, and is what the FCC requires for broadcast stations.

Efficient short antennas have been made, but they aren't easy. In honor of the current Slashdot poll, see WWVB's antenna. This system attains 65% efficiency at less than 1/40 wavelength.

And this "hat" isn't made of tinfoil! ;-)

Check out the longwave transmitter/antenna setup at NIST's WWV in Colorado. While in this case the towers aren't "hot", NIST does employ several towers in order to hold up this capacitance hat. This transmitter operates on 60kHz!

Typing SHIELDEDPROTONMAGNETICMOMENTTONUCLEARMAGNETONRATIO with the SHIfT key twice an hour adds insult to injury (coding in Fortran).

Be aware that this is a benchmark for jvm's, and has little to do with machine performance. According to the benchmarks results page. A PIV 3.0 GHz computer can score anywhere between 228 and 557. This benchark also seems biased towards 32bit machines. One thing that is essential for any test is for it to at least be internally reliable.

Well, if NIST don't want random people using their stratum-1 servers, they shouldn't be inviting and instructing the entire world to use their stratum-1 servers, should they?

PBX Vulnerability Analysis: Finding Holes in your PBX Before Someone Else Does

Its a 60-page PDF that covers all of the features included in most PBX's that can be exploited and/or manipulated.

If you're a security engineer I HIGHLY recommend it. Even if you're just the company's Network Admin that's also responsible for the PBX, check it out. What a cool line on your resume? How about "Reduced company's monthly phone bill by XX% (thing BIG) via PBX audit" Nothing says "You're Hired!" better than that.(Hint: turn off automatic-forwarding by default to start. People config their work phone to forward to their house over the night/weekend, and their long-distance friends just call the company's Toll Free number and get routed to the employee's house. They chat, company picks up the tab. Also look into setting up SMDR or CDR (google for it) on the PBX, connect a serial cable to the switch, and do some simple call accounting to determine who's doing what on your phone lines all day.

The tin-foil hat wearers are going to flame me a new one, but really this is just like sniffing your ethernet traffic to see if people are goofing off on the web all day. Plus, you're not actually LISTENING to whats said on the calls, you're just logging that extension x1234 called 978-555-1212 fifty times in the last month. Maybe that's a legit call, maybe its their wife/husband and they're goofing off. Or hell, maybe you figure out that you're under-utilizing your trunks, and can get rid of that extra T1 without causing inbound calls to get busy signals, or outbound calls to not get an outside line. Tell the PHB's to roll the first month's savings into your bonus plan :-)

And, as a turnaround question, have people found that their PBX experience translates into small-mid scale VoIP gigs, and if so, how? With a decent amount of PBX (non-voip) switch management under my belt, is it worth doing the WRT54G VoIP setup for the experience, or should I just try to find a job at a company that's doing 'real' voip?

I occasionally like memnonic passwords, but another good alternative is a randomly-generated but pronounceable password. It turns out that we're much better at remembering passwords that we can pronounce. (Where "Voolakun5" is pronounceable and "zqx17yvy" is not).

FIPS-181 describes a NIST-endorsed system for producing pronounceable passwords. There is a GPLed FIPS-181 implementation here.

Sample run:

$ apg
dyijenuloa
bifliecar
yishjied&
IfHydrovia
yutsOlg/
DipUkcat

APG is a lot more sophisticated than this, and allows you to do a lot of tweaking of the types of passwords it outputs, print pronunciation guides. It's a good tool, IMHO, for security-conscious types to have around.

For Fedora Core 2 users, Red Hat does not package apg in the base distribution, but it is available from freshrpms.

Exactly. If you want to find out if your crypto implementation is secure, ask the US government. If they say yes, you've got bugs.


Depends who in the US government you ask. Groups like the US State Department, the Dept of Commerce, CSRC of the NIST and half of the NSA (who has two purposes - one to protect against foreign intelligent threats, and one to exploit against foreign intelligent adverseries.) they want to protect most of the US public (and NAFTA, G8, and NATO interests) - including US businesses - from foreign governments. These groups can give you an idea of what is likely secure as we know in the non-classified knowledge outside the cloak and dagger world of the NSA, GCHQ, CSE, etc.

Mind you, I'm not sure why anyone would need to ask permission to export a public standard like AES. I'm pretty sure there aren't any secrets happening there.

AES was selected through a very open public process, so no knowledge about AES requires export permission. The US Dept of Commerce does regulate Dual-Use items (i.e. items that have a military/dangerous/hostile use and non-military use) including information security software implementations such as toolkits, libraries, and binaries (and object code). Humanly readable source code is still somewhat in disupte, but based on some US state level court cases (Phil Karn and Bernstein) it appears that human readable source code is not regulated.

Exactly. If you want to find out if your crypto implementation is secure, ask the US government. If they say yes, you've got bugs.


Depends who in the US government you ask. Groups like the US State Department, the Dept of Commerce, CSRC of the NIST and half of the NSA (who has two purposes - one to protect against foreign intelligent threats, and one to exploit against foreign intelligent adverseries.) they want to protect most of the US public (and NAFTA, G8, and NATO interests) - including US businesses - from foreign governments. These groups can give you an idea of what is likely secure as we know in the non-classified knowledge outside the cloak and dagger world of the NSA, GCHQ, CSE, etc.

Mind you, I'm not sure why anyone would need to ask permission to export a public standard like AES. I'm pretty sure there aren't any secrets happening there.

AES was selected through a very open public process, so no knowledge about AES requires export permission. The US Dept of Commerce does regulate Dual-Use items (i.e. items that have a military/dangerous/hostile use and non-military use) including information security software implementations such as toolkits, libraries, and binaries (and object code). Humanly readable source code is still somewhat in disupte, but based on some US state level court cases (Phil Karn and Bernstein) it appears that human readable source code is not regulated.

Exactly. If you want to find out if your crypto implementation is secure, ask the US government. If they say yes, you've got bugs.


Depends who in the US government you ask. Groups like the US State Department, the Dept of Commerce, CSRC of the NIST and half of the NSA (who has two purposes - one to protect against foreign intelligent threats, and one to exploit against foreign intelligent adverseries.) they want to protect most of the US public (and NAFTA, G8, and NATO interests) - including US businesses - from foreign governments. These groups can give you an idea of what is likely secure as we know in the non-classified knowledge outside the cloak and dagger world of the NSA, GCHQ, CSE, etc.

Mind you, I'm not sure why anyone would need to ask permission to export a public standard like AES. I'm pretty sure there aren't any secrets happening there.

AES was selected through a very open public process, so no knowledge about AES requires export permission. The US Dept of Commerce does regulate Dual-Use items (i.e. items that have a military/dangerous/hostile use and non-military use) including information security software implementations such as toolkits, libraries, and binaries (and object code). Humanly readable source code is still somewhat in disupte, but based on some US state level court cases (Phil Karn and Bernstein) it appears that human readable source code is not regulated.

I found this and also this interesting. A Mebibyte (MiB) is 1024 bytes, and a Megabyte (MB) is now the standardized 1000 bytes.

That's just not true!

The meter is the length of the path traveled by light in vacuum during a time interval of 1/299,792,458 of a second.

Source

Winzip 9 does not have FIPS 140 validation. If it did, it would be on this list.

FIPS validation is intended to ensure the cryptographic mechanisms, including key management, are done properly. Validation doesn't stop every poor implementation, but it is a start.

There are validation programs in which third party laboratories test and inspect systems related to computer security. Probably the most well known of these is the FIPS 140 program, run by NIST and recognized by the US and Canada. A friendlier description is in this FAQ.

Another international validation program is the Common Criteria program. This provides an internationally accepted set of IT security requirements, policies, and procedures for testing.

Use validated software. Buy validated software. Looking at software that isn't validated? Encourage them to look into the validation process. The US government can no longer purchase cryptographic modules that are not FIPS 140 validated. Put similar rules in place at your organization.

There are validation programs in which third party laboratories test and inspect systems related to computer security. Probably the most well known of these is the FIPS 140 program, run by NIST and recognized by the US and Canada. A friendlier description is in this FAQ.

Another international validation program is the Common Criteria program. This provides an internationally accepted set of IT security requirements, policies, and procedures for testing.

Use validated software. Buy validated software. Looking at software that isn't validated? Encourage them to look into the validation process. The US government can no longer purchase cryptographic modules that are not FIPS 140 validated. Put similar rules in place at your organization.

The metre is the length of the path travelled by light in vacuum during a time interval of 1/299 792 458 of a second.

The kilogram is the unit of mass; it is equal to the mass of the international prototype of the kilogram.

The kelvin, unit of thermodynamic temperature, is the fraction 1/273.16 of the thermodynamic temperature of the triple point of water.

for people who still think in foot, hand, and inch, you can can find more about the SI of course at the Wikipedia entry, but also for people in the USA, the National Institute of Standards and Technology (NIST) has a lot of page about the SI where yes, they talk about meter for distance, and kilogram, for mass.

Actually a Petabyte is 1x10^15 bytes, but it is only 909 Tebibytes.

Actually a Petabyte is 1x10^15 bytes, but it is only 909 Tebibytes.

No. A petabyte is 1e15 bytes. If you want to be pedantic about it, then true pedantry must acknowledge that in SI, powers-of-two have their own prefixes. You're thinking of a pebibyte. (1 PiByte, which is 1024 TiByte, or 1048576 GiByte, not GByte.)

Here is a list of the binary prefixes.

Memory is the only component with sizes still commonly quoted with abused powers-of-ten prefixes. (That is, using 1 "kilo" byte meaning 1024 bytes, instead of saying one kibibyte or meaning 1000 bytes.) Hard drives have had sizes quoted in powers of ten for at least a decade.

No, because those are not used in practice. They were invented due to improper usage by a standard organization. It is not a problem for engineers.

I have never seen any text use the 'new definition' and the old one is well established. Until I see respectable texts use it (such as by Ercegovac or Koren) then it is utter nonsense.

If you really must make people aware of this BS unit, info is available here.

The second is the duration of 9 192 631 770 periods of the radiation corresponding to the transition between the two hyperfine levels of the ground state of the cesium 133 atom.

actually it was changed changed in 1960 to the distance light travelled since the speed of light in a vacuum is fixed

Hrm, according to this MiB and its bastard relatives have made it into valid SI units.

Why are we letting vendors of hard disks re-scale the units of measurement so that their products appear larger by having bigger numbers on the box, its madness.

Personally I think we should redefine an inch as half a centimeter so we can all go out and score bigtime tonite.

Like this?: http://www.itl.nist.gov/div895/carefordisc/CDandDV DCareandHandlingGuide.pdf

Maybe you shoulda asked Google?

I later found some advisory text that basically said the same thing.

I googled a bit and found that text again (was in /. before) here

Requirements are both good and necessary, but they do require something that I've noticed a severe lack of amongst programmers: Discipline. The discipline to develop preliminary functional models, perform up front what-if analysis, do the FMEA's and maybe a few MSC models for the interfaces. Then map it all back into what the customer says they want and walk them though it. Sound like a lot of work? It is. It also requires a modest amount of negotiating skill and the willingness to both educate the customer, when necessary, and the determination to stick to your guns when you know you are right, always.

I can hire truckloads of happy little coders who don't have a clue about requirements, and then train them (which I often have to do), but I treasure the software engineer who knows and understands the value of requirements, knows what the term "traceability" means, and can effectively translate the customer's needs and wants into a set of models and requirements definitions that accurately and adequately capture the design objectives.

And, yes, things do change during the course of a project, and new things are discovered. That's why the requirements specification is a "live" document subject to continuous review, and there are things called "derived requirements".

And, just one other thing to consider. If you assume a unit cost of defect removal of one (1) at the coding stage, then it's been shown that finding and removing a defect at the requirements stage only costs around .2! That's right. It gets better. Over half of all errors in SW are introduced at the requirements stage. Not doing any requirements? Then brace yourself for some long and agonizing test and debug sessions. Don't believe me? Take a look at this report:

NIST study on software defects

It's big, but chock full of good information.

For an introduction to requirements engineering, this is one of my favorite books:

Davis' book on software requirements techniques

And lastly, here are some links for the curious:

FMEA/FMECA info
Good article on DO-178B
Some more info on DO-178B
A paper on requirements traceability
Info on SDL and MSC

Then again, I guess there are some folks who enjoy whacking away at their software, growing it "incrementally" (no relation to the formal model, BTW), and spending their time at the back end of the project listening to the customer scream about missed delivery dates while they frantically do the compile-test-debug dance over and over. For myself, I'd rather see it just work with a minimum of verification hassle from the outset and then get on with my life.

no jackass --- you can't just make up your own units

Be bold and be proud of your geekdom! Say "mebibytes" and "gibibytes" in public!!

True, it'd be nice if MiB and GiB became standard. For the record, this link explains the actual SI standards and binary multiples.

I have been thinking all week why the NIST should standardize the windows API.

I think that NIST would be better than ISO/ANSI/IEEE, and they have a working agreement with ANSI. Also the specification would cost less (if at all) than an ANSI/ISO version.

By standardizing the API, you immediately have the government buy the software that uses this standard. It would make our country secure not to be dependent upon one single supplier of an OS (as much as Microsoft thinks otherwise).

It also means that Windows stops being the moving target that it is.

Before you troll me with free enterprise/right to innovate/unnecessary/linux blah blah blah, anything that lessens the cost for everybody is a good idea. The OS is the only thing that has increased in cost as compared to other parts to the computer.

I know linux is free, but the fact remains that the vast majority of computer users use a Microsoft product, and wants to keep their software investment minimal (even though all the software companies want us to continually upgrade).

Do not:
4. Store discs horizontally for a long time (years).

The National Institute of Standards and Technology also has an extensive guide, Care and Handling Guide for the Preservation of CDs and DVDs, including a one-page Do-and-Don't Quick Reference.

The National Institute of Standards and Technology also has an extensive guide, Care and Handling Guide for the Preservation of CDs and DVDs, including a one-page Do-and-Don't Quick Reference.

The National Institute of Standards and Technology also has an extensive guide, Care and Handling Guide for the Preservation of CDs and DVDs, including a one-page Do-and-Don't Quick Reference.

I thought Common Criteria was something already is use to address some of these issues.

While I was a student I worked for a lab on campus that did a lot off stuff with 3D graphics. I remember how much a pain in the butt it was try to move things between different packages ( Autocad, ProE, Catia, Solidworks, 3D Studio Max, Wavefront Advanced Visualizer, Alias Studio, Softimage, Maya, you name it. )

While a universal format sounds like a great idea I am a bit skeptical about this working out. Most of the packages I have run into play with a neutral format called IGES, I use the term play, because in my experience moving any useful amount of data around in it is hit or miss at best.

With 3D data you are messing with so many variables a task specific representation is almost required. Audio isn't really that complicated, compressions techniques aside, most are just based on a pulse code modulation. 2D images start to get interesting, sure there is the good old raster images, but once you go vector there are lots of different formats. The brute force raster like approach to 3D is voxel based images, which are huge, and hardly generally useful in proportion to their size. Maybe we could model the solids, no use using storage space representing empty space. We could just store solid primitives and logic operations on then. This of course can get really big for complicated surfaces. Maybe the surface is all we need, then how do we go about it, polygon approximations? NURBS?

Part of the reason for the different formats are differences just from reinventing the wheel, but some of them are there because the representation they are using is better suited to the application at hand.