Domain: nist.gov
Stories and comments across the archive that link to nist.gov.
Comments · 1,805
-
More requirements gathering and analysis
"However, more analysis needs to be put into their plan; more requirements gathering and architecture is needed."
Something I tried to get NASA to support a dozen years ago: http://www.kurtz-fernhout.com/oscomak/
That said, the Factor e Farm people are really trying hard and making some progress in the general area. What is ridiculous is that this is not a top priority issue funded by NASA, NIST, and European counterparts with hundreds of thousands of reasonably paid engineers involved.
Another related idea I posted:
"Getting Greece and Iceland to be 99% self-sufficient by mass; international consortium"
https://groups.google.com/forum/?fromgroups=#!msg/openmanufacturing/YzbzBFjeBkg/HXC7-XHSGLkJ
"Now, does this [Greece running out of tear gas during riots about economics] make any sense if you understand the possibilities of open manufacturing or an open society? In Greece you have a warm climate, access to oceans, lots of sun and wind, an educated populace with a 2000+ year history of democracy (on and off :-), no obvious external enemies declaring war, and so on. And they are so worried about their future ability to make and use things (which is how I translate "fears for Greece's economic future") that they are running out of tear gas? This all makes no *physical* sense. The place should be a paradise. Instead it is in "self-destruct mode" according to one editor. It must be *ideology*. Or, more correctly, ideology *embodied* in a certain type of productive infrastructure. ..."
The closest I know of from the US government is from the Carter presidency: http://www.islandone.org/MMSG/aasm/
Here is something more recent from NIST which is great but not quite as self-replication focused and only had about 20 staff involved (last I heard):
http://www.nist.gov/el/msid/lifecycle/sm_smo.cfm
http://www.nist.gov/el/msid/lifecycle/
Frankly, it feels to me like the failure of engineering academia in the USA to comprehensively work to analyze our productive processes is perhaps a reflection of how much a certain form of capitalist ideology infests US academia. It seems like it is heresy to even consider that anything other than some mystical "market" would decide what would be manufactured or how it would be made or moved between users, even though a lot of companies are being weighed down by supply chains they don't really understand or control. So, in academia you can study one tiny part of how something is made, but you can't try to create an approach to comprehend the whole because that goes against mainstream economic dogma of willful blindness about lifecycle consequences and comprehensive design. Only in a thought experiment like NASA might do about a moon base or something like that is it permitted to discuss the idea of comprehensive planning about how to make *everything* and take it all through a full lifecycle. Meanwhile, we drown in our own e-waste because externalities like disposal are not priced in up-front. Modern computer-based manufacturing has the potential to be so flexible that we could have, if not Star Trek replicators, at least the next best thing of small production runs and mass customization coming out of very flexible manufacturing lines (see James P. Hogan's "The Two Faces of Tomorrow" for some descriptions of what that would look like, set in a space habitat).
Still, there is the RepRap project and such as an exception in academia. So, I think change is happening, slowly. Maybe the rate of change on this meme is growing exponentially though?
-
Still, I'd stick to "usermode" stuff... apk
Well, I've done driver work (via the Windows DDK), & it wasn't some "huge hurdle" really!
Fact is, I found that MOST drivers are usually a LOT tinier than larger systems are in moving parts AND lines of code involved, plus, there are templates (in the Windows world @ least).
On "larger systems"? Think information systems (this is my "steady-eddy" work for livelihood typically since nobody does their books or data EXACTLY the same, there's always room for growth in this type of coding) that I've written over time too!
E.G. -> I worked on a RamDrive driver, based off the MS-DDK template (most, if not ALL, are), in the distant past (1997). Worked out OK too!
* Still - per my subject-line above: I'd be more interested in developing what PEOPLE ACTUALLY USE though, in usermode/ring 3/rpl 3 programs, since that's what I'm used to building for, oh, 18++ yrs. now, professionally...
If Linux needs anything, it's apps & per the discussion you & I just had, in what happened to my roommate & his experience with Linux vs. Windows
"I agree. happened to me the first time I tried ca. 1999. But now ? it's just better than anything else for my needs." - by Anonymous Coward on Sunday October 07, @09:53AM (#41576315)
The Linux kernel's solid (no bugs in 3.3x really -> http://secunia.com/advisories/product/40716/ )
Well, some show here later -> http://web.nvd.nist.gov/view/vuln/search-results?query=Linux+Kernel&search_type=all&cves=on though, but they get fixed quickly enough, usually.
So, for the MOST PART, it's getting very "solid" @ the kernel level... At least as far as bug-tracking & fixes!
Also, from what I heard tell: Mr. Torvalds is VERY interested in bug fixes @ that level, & doesn't delay on fixes... he wants them FIXED AS FAST AS POSSIBLE!
(This is most unlike MS' once a month "Patch Tuesday"... but, then again, you've got to WAIT usually to get those updated kernels in Linux distros too - that is, unless you want to compile & build your OWN kernel update, which is something nice Linux offers also, that Windows doesn't!)
APK
P.S.=>
"it's mainly C and assembler. don't get Linus started on C++ in kernel. ever." - by Anonymous Coward on Sunday October 07, @09:53AM (#41576315)
Assembly &/or C were the 1st two languages I ever learned (well, after BASIC, way, Way, WAY back circa 1982 while in highschool timesharing from a DEC PDP-11 iirc over bootjack modems, lol) in 1994, when I went back for MORE strict CSC degree work (90 hours into the 120 for the B.S., have the AAS work done, long ago - just "chipping away" @ the Bachelors over time, when I have time + can afford it too, of course... lol!)
So - trust me, lol - I never "forgot" them!
However - I don't care to do asm work unless I am in a "jam" for performance (that's in usermode/ring 3/rpl 3 though), since it is a lot more work, & I am not "the greatest" @ it (too many years of NOT using it regularly)...
Still, you step-trace it, look @ data contents in variables, & off you go - nothing different than doing what you do in higher-level languages (HLL)...
Funniest part on C vs. C++ for me:
I learned C first, & immediately afterwards, took C++ - I found it CONFUSING AS HELL, since the syntax of C can be used in most C++ compilers (think scanf vs. cin/cout), but it was more how you THINK about & CONSTRUCT programs in them that "threw me" for awhile, lol, & if you've been there? You know EXACTLY what I mean!
In fact, I'd tell anyone, especially nowadays? Take C or C++ but not both, or, @ least not in the order I did, lol...
... apk
-
Most Agencies Have Made "No Progress"
NIST statistics show that over half the agencies have made "no progress" in their IPv6 deployment. It is good that the government is doing this, but too many agencies are asleep at the wheel. It does no good when the agencies will not do what they are required to do.
-
Cringe-worthy
I don't want to sound all negative here, but... I don't have a choice, do I? A visible light spectrophotometer will not "detect toxins", no matter how much you try to make it open-source or crowd-sourced. The very concept of identifying compounds by visible light absorbance is very much flawed. Thing is, *most* molecules will not absorb visible or near UV light in a way that is specific enough.
Real Chemists (TM) traditionally use the so-called IR fingerprint region for this purpose. This region is from approx. 700 to 1500 cm-1 (about 6 to 20 uM - that is 6000 to 20000 nanometers). A special detector is needed for these wavelengths. The one we have in our lab is cooled with LN2 and costs south of $15K. We also have a UV-Vis spectrophotometer, which has its own purpose. That purpose is not "identifying toxins", or analyzing any unknowns.
Now, on to my next point. Identifying molecules is challenging, because they are very, very, very mindbogglingly small. Chemists have been grappling with this challenge for a long time. There are many spectrometric methods out there, including IR and UV-Vis (briefly discussed above), near-IR (900 to ~1800 nm, useful for *some* fingerprinting), and NMR (60-1000 MHz, very informative, but needs a BIG magnet). Spectral data for many molecules of interest has been compiled into readily accessible databases, and is easily accessible.
Some of the databases are proprietary/pay-per-view: https://ftirsearch.com/features/libraries/sea407.htm
Some are semi-public: http://riodb01.ibase.aist.go.jp/sdbs/cgi-bin/direct_frame_top.cgi
And some are government/public: http://webbook.nist.gov/chemistry/
The people who started this project do not seem to grasp the very basic concepts of chemistry, nor did they do any research on the subject. Reading a Wikipedia article on UV-Vis would have been a good start. What is even more disconcerting is that the fundraising effort behind this cardboard spectroscope has been a success.
One just has to hope that nobody buys this to screen their food for "toxins", or to teach their kids chemistry.
-
Also Java 6 u35 (Apparently)
Coincidentally Java 6 update 35 was also released at the same time. The release notes cite a security fix. All CVE entries and info I could find only describe this issue as a Java 7 vulnerability. I had not seen any confirmation yet that it also applied to Java 6 other than the brand new update.
-
The Cloud != Remote
Well strictly speaking remote processing isn't necessary nor is it always present. Remote storage with redundancy and backup managed by others (Skydrive, dropbox) is really what most people see. If you get any remote processing (aka amazon, Azure) it's probably more akin to scalable hosting.
Lumping all those different capabilities under one name helps no-one.
Well, strictly strictly speaking, the cloud doesn't have to be remote at all. Here is the NIST definition of the cloud, which we use to avoid cloudy wording when it comes to clouds. It doesn't even contain the word remote. It speaks only of availability, scalability and the likes.
-
Re:If Obama's BIRTH can be an issue
You mean besides wikipedia and the NIST report.. Of course if you are going to ignore evidence or can't be bothered to read it, then you are a conspiracy kook.
-
Re:Not the first room temperature maser
Can hydrogen masers amplify any frequency? I admit I know next to nothing about them, but I was under the impression they could only amplify at the resonant frequency of hydrogen (e.g. see http://tf.nist.gov/general/enc-h.htm)?
-
Caught a known bug in kernel 3.3x... apk
"the Linux kernel circa 3.3 onwards (no known security issues I am aware of at least - not even LOCALLY exploitable ones, & that's pretty damned good, unless others here can show me otherwise to correct me with more current information...)." -
Well, I should've KNOWN BETTER that any of you "Linux Penguins/Fanboys" would expose what I was actually looking for, so, I went looking for myself:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2133
PERTINENT QUOTE/EXCERPT:
---
"Overview
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data."
---
* Well... there you go - Guess the 3.3x kernel build wasn't as "solid" as I thought (& secunia didn't have the information, as they're my usual source & *FAIRLY* current, but not like NIST or US-CERT are as I noted earlier in my init. post I am replying to now...)
(Bright side is, it appears to be a LOCAL EXPLOIT, not a REMOTE one (worst kind) - might even be patched by the time you all read this hopefully, & I didn't "dig that deep" to make sure admittedly, so, there you are!)
APK
P.S.=> Let's hope that kernel build 3.5x (which this article's about) & beyond corrects THAT, because otherwise? It's looking thus far to be a solid "bugfree & bulletproof" (as I call it) kernel... however: I do DOUBT it will remain thus, but it's getting there (hopefully)... apk
-
Re:Mass 125 times that of a proton? How?
The energy equivalence of a single proton is (google) about 1 GeV (938MeV = 0.938 GeV ~ 1 GeV).
ref: http://physics.nist.gov/cgi-bin/cuu/Value?mpc2mev
Full Disclosure: Calculating particle masses based off the component quarks would leave me confused, too.
-
Well at least they're making a change
If only there was a standards group, like NIST, that could determine what the acceptable key lengths were.
By the way, is it really 1024 bit encryption keys as stated in the article? I thought that the encryption keys were symmetric and it's the signature of the public key that's 1024 bit.
-
Re:Think Different
And ASLR was adopted 12 months ago and updated system patching. Looks like what Microsoft has done for years Apple has caught up in some ways.
What is noteworthy is Apple can't make their OS secure enough to hold FIPS 140-2 certification.
So now, it doesn't matter that Apple HAS certain security features; but rather WHEN they were adopted? Again, changing the parameters of the original statement "completely unprepared".
OS X has had limited ASLR since 10.5 (Leopard), which launched in 2007. Windows introduced limited ASLR in Vista, which launched... in 2007. So where are those "years" you crowed about? BTW, you will note that not only does Windows ASLR have to be disabled for "compatibility reasons", but that it has several known shortcomings. In contrast, OS X 10.8 (Mountain Lion)'s ASLR appears to be not only system-wide, but also a much more robust implementation than in either Windows or Linux.
And as far as FIPS 140-2 is concerned, both OS X and Windows 7 can be brought to FIPS 140-2 Level 1. Neither goes further. But keep in mind that NIST hasn't had a chance to test against OS X Mountain Lion (10.8), which has security features that are stronger than its predecessors. So now what?
Oh, and apparently you are behind on your reading; for here is an Apple Tech Support document on how to set up and maintain a FIPS-compliant system in OS X 10.7 (Lion). The tech support article also has "Additional Information" regarding OS X's FIPS 140-2 compliance.
So, you might do just 10 seconds of research before you open your mouth next time, AC.
Oh, and that article you mentioned is far from unbiased, and is chock-full of inaccuracies and hyperbole, as I have pointed out in this comment. However, a complete analysis of the lies and exaggerations in that article would take about 10 pages, and I don't have time for that right now, especially for an AC.
-
Re:PBKDF2
-
Re:No Gov. help?
http://tf.nist.gov/tf-cgi/servers.cgi
Step 1: Open Browser
Step 2: Put "nist ntp" in browser/search bar
Step 3: Click Enter
Step 4: Click on first link
Step 5: Copy link to Slashdot
Step 6: Use the remaining 8 seconds of your 10 second break to highlight what steps you took to get that link
-
Re:What algorithm was this?
-
Re:So much for definitions...
> I guess "cloud" at this point means, "Running your programs on a computer with a network connection."
Here's a reasonable and widely-accepted definition from NIST:
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
RS
-
Re:Cloud?
I believe NIST has a definition of what the cloud is - http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
It will go through several iterations, just like SOA did.
Also, cloud isn't a meme it's a buzzword.
Virtualization hasn't been replaced by the term cloud, neither has it changed its meaning; with that you are mistaken. (There are some people that refer to virtualization as cloud, but those are mostly people that want to mock both terms.)
I'm just waiting for someone to throw in "The cloud is just a bunch of servers". Just like it was quite usual for some people to say "SOA is a bunch of SOAP web services."
And I used to denote the internet as the cloud, simply because of the elasticity of the resources it referred to. And that migrated into the cloud successfully. I also denoted many external providers of facilities management in a shape of a cloud in a departmental diagram.
-
Re:How to write without political bias?
-
Re:FIPS
FIPS140 is a stupid standard.
Respectfully, you are doing your clients a severe disservice if you make this claim. As noted elsewhere, use of a validated library has almost nothing to do with 140-2 compliance. If you care to review the certified compliance modules, you will note that there are (a) multiple different forms of validated crypto, even within given standards, and (b) the number of required compliance mechanisms within a given module are far higher than any other unclassified government standard.
-
Re:8.8.8.8
djbdns has not been updated since 2001 and even the unofficial forks have not addressed important issues like the security problem CVE-2012-1191.
If you want DNSSEC and don't want BIND, your only other open-source option is Unbound; MaraDNS doesn't have DNSSEC either, and PowerDNS only has it for the authoritative code.
-
Re:Run your own NTP if it matters
You apparently don't understand how NTP works. I've been using it in dozens of places for 20-odd years, and have NEVER had the server lose the time. For one thing, one never depends on a single server. The entire protocol is based on smartly balancing the information from multiple servers, ideally (but not necessarily) including multiple local servers on the LAN. If the network goes down, every machine running NTP uses its already-created drift factor to maintain the time as closely as it can, usually within a second every day or better. NTP also supports using one's own hard-realtime physical clock which could be GPS, or one's own atomic clock, etc., either independently or in conjunction with remote servers, so it's not necessary to go outside the LAN. I think it's even possible to use the clock signals maintained by the US NIST, WWV, albeit less accurately than over the net.
So if done at least half-assedly correctly, the only way someone is going to inject wrong time is to get access to the internal NTP servers on the LAN. And if the time is changed too quickly on the server, all of the clients will reject the server as unreliable and maintain their own time until things get straightened out.
IOW, NTP is remarkably robust. All those issues that you or I could think of were worked out by the creators of the protocol, for use in situations including military requirements.
It's even possible to have a local server on the LAN periodically dial up a remote server and ask the time. This isn't very practical but it is doable.
-
WWVB
In my country, it's not over power lines, but it's close enough: WWVB
-
Re:Run your own NTP if it matters
We've had decades now to bulletproof NTP
... and in fact we've already done so.
There is no excuse for failing to implement it.
-
Re:Run your own NTP if it matters
You do realize there is a Should the hospital not trust that?
-
Re:NTP and hospitals
Why not just use radio instead?
Nice theory, although if the couple of "atomic" clocks I have around the house are any indicator, it's not a great plan. They only can pick up the radio signal at night (something to do with the ionosphere IIRC), and this in my house with windows in every room. In a hospital? Good luck...
-
Re:NTP and hospitals
Why not just use radio instead?
-
Re:Almost virus and malware free?
Entry points:
http://web.nvd.nist.gov/view/vuln/search-results?query=LINUX&search_type=all&cves=on
Did you even look at that list? I'll admit that I only looked at the first 10, but I kinda noticed a pattern. These were all 3rd party applications, HP SNMP, Adobe Flash (this was a third of them and affected ALL OSes), F5 Firepass (what is that?), Quantum Scalar i500 tape library (with a certain firmware version). I saw one for Apache, but it required an out of date package version with mod_php loaded and gave a local user the ability to take advantage of cross site scripting.
Here's the list for windows, the first 5 are actual Windows problems:
http://web.nvd.nist.gov/view/vuln/search-results?query=WINDOWS&search_type=all&cves=on
-
Re:Good science and hats off to him
Global Warming: Separating the noise from the signal
Separating Signal from Noise in Global Warming
Uncertainty, noise and the art of model-data comparison
I wasn't able to find any articles that I consider credible that talk about this small signal to noise ratio (when dealing with appropriate lengths of time). Do you know of any I could read?
-
Re:Almost virus and malware free?
No sorry, I am not. I wish I was because I am sure to get down modded for my blasphemy.
Entry points:
http://web.nvd.nist.gov/view/vuln/search-results?query=LINUX&search_type=all&cves=on
Hooks:
any shell script/start-up script (many execute with user write permission out of your home folder) do you have a compiler on your system?!
The only thing saving linux from being rooted often is its userbase. Does Linux have anything like windows SFC? No not really. At least there are only a handful of auto-run methods in windows and a subsystem that does a somewhat decent job of enforcing no new hooks are created.
Sad fact is because Linux is so open it's mostly a race between white hats and black hats. Add desktop users and desktop apps into the mix and there will be more black hats and a longer delay between applied fixes.
You may argue that most linux problems are third party software or configuration, but I can argue the same for Windows.
That said, I use both... but by no means is my decision to use either based on this false sense of security about the mal-ware eco-system.
-
Re:How about discussing features that matter?
BitLocker is FIPS 140-2 certified, I seriously doubt there is a backdoor in it.
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm
-
Re:WWIII
WWV? Then at least it should be on time.
-
Re:metric?
But units wouldn't need to be labeled if everybody used the same system. The continued existence of the zombie Imperial system is the root cause of the problem.
Which is why SI has a number of accepted units. You'll note that both the eV and the astronomical unit are there, but not the feet or yards used by Lockheed to send a rocket past Mars.
ALWAYS LABEL UNITS! This was the ONLY cause of the problem with the mars orbiter. If Lockheed used kilometers as their units instead and Nasa assumed meters the probe still would have had problems. If I tell you I have an energy of 5 does that mean 5 eV or J? You don't know if I don't label it.
-
Re:metric?
The Mars Climate Orbiter was a case of someone not labeling their units. The unit system wasn't the problem.
But units wouldn't need to be labeled if everybody used the same system. The continued existence of the zombie Imperial system is the root cause of the problem.
Secondly SI isn't always the best unit of measurement for performing calculations. In plasma physics we use eV instead of joules for energy because it simplifies our work. In astro physics measuring distances in the SI unit of length, the meter, is impractical
Which is why SI has a number of accepted units. You'll note that both the eV and the astronomical unit are there, but not the feet or yards used by Lockheed to send a rocket past Mars.
-
Re:RTFA
It's not - there are a lot of people screaming how 'only using lower case letters makes it easy to crack', the cracking algorithms can't know that, so they (assuming they're brute-forcing it) still have to try uppercase and punctuation too. Now, the one benefit might be that some cracker tools will exhaust all lowercase combinations first and then try adding numbers, capitals and punctuation later in which case it is quicker to hack, not easier. However, most people who have only lowercase letters also use real words, which makes these passwords trivially easy to hack using a dictionary attack (where you compare the hash against a pre-encrypted set of words taken from a dictionary).
You can tell the number of characters in the password though, that's usually the biggest factor. Longer = better and the Georgia Tech Research Centre says a minimum should be 12 characters.
The biggest factor in cracking is getting the hash though, but once you've got that, with modern CPUs, a 7-letter (ie 33 bits worth of data) will take about 16 minutes to crack using bruteforce methods. So even if the user stuck to lowercase, that might reduce the time to 8 minutes. woo.
-
Re:Should They?
They should be mandated to the existing federal security standards provided by NIST:
http://csrc.nist.gov/publications/PubsFIPS.html
This should include approved cryptographic protection of the protocol including HMAC.
-
Re:"We don't know the antivirus group inside Apple
As someone who has found and reported a (now) patched security vulnerability to that email address, I can say that I agree with Boris Sharov's complaint. You do get an automated response with a case #, that includes the text
We do not automatically provide status updates on issues as we work on them, but please feel free to request one if needed by replying to this message.
However, I received no replies when I did request status updates (and supplied additional information about the affected systems with explicit instructions about what needed to be done to fix existing systems). Even when I contacted other sources (Secunia, who confirmed the problem, and US-CERT), I received nothing from Apple. Nor was the problem addressed in two releases of QuickTime in the year following my report.
How I finally got a reply from Apple was sending an email to sjobs@apple.com on Sept 4, 2010 with a copy of the now year old security report, and my statement that I was taking it to the full-disclosure list if I didn't hear back from Apple by Sept 15th. Fewer than 6 hours later (on a Saturday), I had a status update from Apple. Here's the meat of that reply:
Just wanted to let you know that a fix for this issue has been identified, and we are targeting an upcoming release of QuickTime to address it.
We provide status updates upon request.
Subsequent emails always got a reply, but before I sent my email to sjobs, it was like talking to a wall. Also, despite assurances that they understood the extent of the problem and my explicit instructions about needed remediation for affected systems, when they finally released the fix 3 months later, it only corrected the problem and did not provide remediation for the permissions on already affected systems, nor did it even mention that there were permissions to be fixed.
When it became clear that no remediation fix, nor an acknowledgement of the problem was coming from Apple, and ample time had passed for users to have installed the updated version of QT, I submitted my own fix to the Full Disclosure mailing list.
In total, it was 15 months for Apple to release a fix, a fix that in all likelihood involved altering or removing two lines of code that were granting excessive privileges to specific directories. Even then, they did not correct the permissions on machines that were already affected.
So, in my opinion, Apple has a long way to go in developing and maintaining communications with those who report security vulnerabilities. And in acting upon those reports in a timely and responsible way.
-
Re:It's the code, stupid!
Lots of people fail at preventing SQL Injection. Lots of people who really ought to know better: http://web.nvd.nist.gov/view/vuln/search-results?query=SQL+Injection&search_type=all&cves=on
This isn't magic, and it's no replacement for a good secure software development program, but it's a fair bit better than nothing.
-
Re:That's odd
I think we can agree that the only way for a building to fall straight down is if all of its support is removed simultaneously. If one section goes before another, it should topple. no?
Or if all of its support is *weakened* simultaneously. The fire had spread throughout the entirety of the floor and was weakening all of the supports at the same time.
It's in the NIST report. http://www.nist.gov/customcf/get_pdf.cfm?pub_id=861610 See page 45 of the linked PDF.
I read it. Apparently you didn't. "The average time for the upper 18 stories to collapse, based on video evidence, was approximately 40 percent longer than the computer free fall time." After that, yes, it reached close to free-fall acceleration, because at that point the structure could no longer maintain any meaningful resistance to the massive force of the already collapsed floors smashing down on it.
I will agree with that. But a tendency is not the same as did-it-three-times-in-one-day. If all that is required to get a tall building to fall straight down is damage it and set it on fire, the demo industry should look a lot different.
The demo industry looks as it does because it has to get fall-straight-down *all the time* and not just *almost all the time*.
-
Re:That's odd
Sure it can, and it *will*, if the "something in the way" is evenly distributed.
I think we can agree that the only way for a building to fall straight down is if all of its support is removed simultaneously. If one section goes before another, it should topple. no?
Evidence on the free-fall speed assertion, please.
It's in the NIST report. http://www.nist.gov/customcf/get_pdf.cfm?pub_id=861610 See page 45 of the linked PDF.
Getting a *small* building to not fall on surrounding buildings can be difficult. The bigger a building is, the more it weighs, *and* the greater the load on the supports (square-cube law), and greater the tendency for it to fall straight down (and the faster it will so fall, as well).
I will agree with that. But a tendency is not the same as did-it-three-times-in-one-day. If all that is required to get a tall building to fall straight down is damage it and set it on fire, the demo industry should look a lot different.
-
Re:Link to actual paper
http://www.nist.gov/public_affairs/releases/aluminum-atomic-clock_092310.cfm
The Aluminium Atomic Clock seems to be roughly as accurate (1 second every 3.7 billion years, so at worst 1/20th as good as the accuracy claimed in the article) and doesn't seem to use unstable isotopes. For now, at least, I'm going to say the Aluminium Atomic Clock is the way to go for any actual experimental use at that level of precision.
-
Experimental work and some context
It's an exciting idea, and it's streaks ahead of 'traditional' microwave transition atomic clocks. These do not represent the state of the art, however, for which one should look at the experimentally demonstrated ~9e-18 accuracy by the Wineland group at NIST http://arxiv.org/abs/0911.4527v2 ; http://www.nist.gov/physlab/div847/grp10/ , or the Strontium ion clocks at NPL (Teddington, UK). Essentially, the higher the frequency, the more clicks you get in a certain time, and the more accurate your clock can be (the smaller an error one missed click would represent). The caesium atomic clock is about 10 GHz (1E10 Hz). Strontium is in the optical, so a few 100THz (1E14). Aluminium ions are at about 1PHz (1E15 Hz). This new proposal with Thorium is around 7.6eV, which is about 2PHz, so not a million miles away from the current, demonstrated, state of the art. Also... orbit of the neutron around the nucleus isn't a fair description of a magnetic dipole transition, which would more accurately be described as a flip in the direction of the neutron's spin axis.
:)
-
Re:That's odd
The beams were all weakened by fire, right? If column 79 is going down, why wouldn't its weakened beam attachments fail?
That's exactly what happened.
Instead of drawing on memory, I'll just quote the damn engineers who know a hell of a lot more about this than I do. I don't need someone screaming at me that I misremembered some detail and I'm obviously a shill for the CIA.
Fire-induced thermal expansion of the floor system surrounding Column 79 led to the collapse of Floor 13, which triggered a cascade of floor failures. In this case, the floor beams on the east side of the building expanded enough that they pushed the girder spanning between Columns 79 and 44 to the west on the 13th floor. (See Figure 1–5 for column numbering and the locations of girders and beams.) This movement was enough for the girder to walk off of its support at Column 79.
The unsupported girder and other local fire-induced damage caused Floor 13 to collapse, beginning a cascade of floor failures down to the 5th floor (which, as noted in Section 1.2.3, was much thicker and stronger). Many of these floors had already been at least partially weakened by the fires in the vicinity of Column 79. This left Column 79 with insufficient lateral support, and as a consequence, the column buckled eastward, becoming the initial local failure for collapse initiation.
Due to the buckling of Column 79 between Floors 5 and 14, the upper section of Column 79 began to descend. The downward movement of Column 79 led to the observed kink in the east penthouse, and its subsequent descent. The cascading failures of the lower floors surrounding Column 79 led to increased unsupported length in, falling debris impact on, and loads being re-distributed to adjacent columns; and Column 80 and then Column 81 buckled as well. All the floor connections to these three columns, as well as to the exterior columns, failed, and the floors fell on the east side of the building. The exterior façade on the east quarter of the building was just a hollow shell.
The failure of the interior columns then proceeded toward the west. Truss 2 (Figure 1–6) failed, hit by the debris from the falling floors. This caused Column 77 and Column 78 to fail, followed shortly by Column 76. Each north-south line of three core columns then buckled in succession from east to west, due to loss of lateral support from floor system failures, to the forces exerted by falling debris, which tended to push the columns westward, and to the loads redistributed to them from the buckled columns. Within seconds, the entire building core was buckling.
The global collapse of WTC 7 was underway. The shell of exterior columns buckled between the 7th and 14th floors, as loads were redistributed to these columns due to the downward movement of the building core and the floors. The entire building above the buckled-column region then moved downward as a single unit, completing the global collapse sequence.
-
Re:That's odd
Please read the "official" NIST reports on all incidents. The information is available to you at no cost.
http://www.nist.gov/el/disasterstudies/wtc/
Erm... no. I do not trust any Government to tell the Truth.
Construction steel melts at 825C. Kerosene DOES NOT burn this hot, even in the presence of a pure oxygen source. This tells me that kerosene fires did not cause the collapse.
You don't have to melt steel to weaken it enough for it to become useless. Had you read the goddamn report you would have understood this.
Read my previous line.
I don't swallow the official lines because they are bullshit. I have my own theories on what happened.
One is always able to manage to find evidence that fits their narrative. The question is what next? Claim victory and turn off your brain or expend some critical attention to try and discredit your own ideas and conclusions? Crackpots are crackpots because they lack necessary discipline and vigor to question their own feelings.
I said THEORIES. I have the discipline and vigour to formulate my own instead of letting someone else do my critical thinking for me.
Try it, you might like it.
Look over Jane Standley's left shoulder, that's the roof of WTC7 still 47 stories up and not collapsed
WTC7 was on fire and all fire control efforts had been pulled from that building. It was not worth risking more lives to try and save it... the assumption was for quite some time it was going to burn down.
WTC7 WAS NOT ON FIRE AT THAT POINT. LOOK AT THE FUCKING VIDEO. ALSO, THE BUILDING WAS EMPTY, AS IT HAD BEEN ALL MORNING.
Read the final WTC7 report... took them long enough.. There are plenty of pictures of the damage with elaborate time lines on what happened when.
BTW in the 911 commission report Cheney reported it was his understanding planes had already been shot down when in fact none had. We had the VP of the country with wrong information so before we rev up the conspiracy machine against BBC bumbling facts might I suggest we should at least be willing to accept the idea this sort of thing is not unprecedented.
WTC7 was PULLED. It was DEMOLISHED.
As for the BBC "bumbling": no, they didn't "bumble". There were TWO newscasters on that live broadcast who BOTH SAID WTC7 HAD COLLAPSED, when it QUITE PLAINLY HAD NOT. THEY EVEN DESCRIBED THE FACT THAT IT HAD 47 FLOORS. THEY WERE LYING.
-
Re:That's odd
...and the point where you used several exclamation marks consecutively was the point where the last lingering threat of credibility in your argument disappeared in a puff of smoke
Please read the "official" NIST reports on all incidents. The information is available to you at no cost.
http://www.nist.gov/el/disasterstudies/wtc/
Construction steel melts at 825C. Kerosene DOES NOT burn this hot, even in the presence of a pure oxygen source. This tells me that kerosene fires did not cause the collapse.
You don't have to melt steel to weaken it enough for it to become useless. Had you read the goddamn report you would have understood this.
I don't swallow the official lines because they are bullshit. I have my own theories on what happened.
One is always able to manage to find evidence that fits their narrative. The question is what next? Claim victory and turn off your brain or expend some critical attention to try and discredit your own ideas and conclusions? Crackpots are crackpots because they lack necessary discipline and vigor to question their own feelings.
Look over Jane Standley's left shoulder, that's the roof of WTC7 still 47 stories up and not collapsed
WTC7 was on fire and all fire control efforts had been pulled from that building. It was not worth risking more lives to try and save it... the assumption was for quite some time it was going to burn down.
Read the final WTC7 report... took them long enough.. There are plenty of pictures of the damage with elaborate time lines on what happened when.
BTW in the 911 commission report Cheney reported it was his understanding planes had already been shot down when in fact none had. We had the VP of the country with wrong information so before we rev up the conspiracy machine against BBC bumbling facts might I suggest we should at least be willing to accept the idea this sort of thing is not unprecedented.
-
Re:When?
I've got one of those atomic radio clocks that updates its UTC time via radio and changes its DST setting on its own. Unfortunately, it changes on the old change dates, so I change it four times a year instead of two (or none); today, wait for it to auto-change, change it again, etc. http://www.nist.gov/pml/div688/dst.cfm
-
Re:That's odd
Calm down dude, and explain why WTC7 came down.
I can help you with that.
Questions and Answers about the NIST WTC 7 Investigation
World Trade Center Disaster Study
Debunking the 9/11 Myths: Special Report -
Re:That's odd
Sadly, these links never go out of style.
Debunking the 9/11 Myths: Special Report
Questions and Answers about the NIST WTC 7 Investigation
World Trade Center Disaster Study -