Domain: nist.gov
Stories and comments across the archive that link to nist.gov.
Comments · 1,805
-
Re:"Clocks"
Why? Timing isn't an issue. The drift in phase due to the thermal expansion and contraction of the materials carrying the power is a bit of a nuisance, but using better-grade materials (making behaviour more predictable and more controllable) would solve some of that and substations are quite capable of handling the marginal extra complexity of preventing errors from accumulating.
The added complexity is needed anyway as virtually every major blackout in history (including all the ones in recent times) has been due to crappy power routing, even crappier signalling of faults and absolutely pathetic to the power of crappy management of what signals are sent. A decent communications infrastructure, together with competent error handling and proper fault-tolerance, is absolutely essential if we're to avoid having the grid toast itself the next time a branch falls or a solar storm hits.
But if you're going to have that kind of oomph anyway, with all that it would take to make sure the complexity is not itself a weakness in the system, is it seriously too much to ask to add in the necessary analogue hardware to lock the phase at 60 Hz with zero deviation within any sane or rational level of measurement? Hell, if it weren't for the fact that two top analogue engineers have just died (one of a stroke, the other from a car accident), it would be a cakewalk to make it zero deviation within assorted insane levels of measurement. As it is, it's merely difficult enough to be interesting.
-
Pee Dee Eff Source Report.
Report PDF here.
-
Re:Frist to get jailbroken...
That is true, though you are always presented with the permissions the app wants at the time of install (again, speaking of BBOS). The process cannot be turned off, and with only a cursory glance it tells you if an app is asking for permission to access something that is completely illogical for it to be accessing. The understanding is relatively simple, though it requires the user to care. That's the real problem with security. The weakest link is usually the person using the device, and there's not much security out there that can account for a user who doesn't care. No consumer system is likely to succeed with enforced security, though Blackberry comes the closest. It also has the potential to be locked down further in cases where the user (or more likely, the user's employer) deems it necessary.
Even if the Android process is hampered by lack of developers practicing moderation in permission requests, you can at least say it has granular permissions available. Granted, that's unlikely to make a difference for the average user though.
Just out of curiosity, I looked Blackberry, Android, and iPhone up on the National Vulnerability Database. BB has 40, Android 59, and iPhone 131.
-
Re:Password Plus CAPTCHA helps
Let's look at some alternative alternative math: that 3.3 billion passwords/sec were at http://www.golubev.com/files/ighashgpu/readme.htm. Note that this is the speed for cracking MD5 passwords, which were deemed "almost ready to crack" a few years ago. Modern Linux systems all support sha256 and sha512 hashing; given that this tool is 1/3 slower for sha1 (aka "sha160"), one can guess that current sha2 (sha256/sha512) algorithms will be slower. It's also worth noting that the algorithms supported by the tool mentioned in the article are *all* not supposed to be used as of 2009: http://csrc.nist.gov/groups/ST/hash/policy.html; the tool doesn't currently even support the sha2 algorithms. The common algorithms which are currently supported (i.e., md5) have been breakable in fractions of a second through rainbow tables for years anyway - which was NIST's point, IIRC.
I suppose I'll also note that the Ubuntu 11.04 system I'm typing this upon right now is configured out of the box to use sha512 hashing in /etc/shadow (check /etc/login.defs on most Linux systems, look for password strings which start with $6$). Assuming the use of PAM for anything important and passwords stored either in a root-only shadow file or in an LDAP directory which does compare-only access or server-side hashing, and a secure transport such as current TLS, then this is a non-issue on a Unix system which hasn't already been compromised. It'd be easier and probably more effective, as usual, to socially engineer a password (or otherwise gain access through the human interface weak point) than to get password hashes and break them.
-
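The check suggested in the preceding comment (look at /etc/login.defs and at the `$6$` prefixes in /etc/shadow), written out as an added example that is not the commenter's code: it parses constructed shadow and login.defs samples, identifies the crypt(3) scheme from the `$id$` prefix, and flags empty password fields and legacy md5crypt/DES entries. User names, salts and hash bodies in the samples are made up.

```python
import re

# Constructed sample in /etc/shadow format (user names, salts and hash bodies
# are made up; only the $id$ prefixes are the real crypt(3) scheme identifiers).
SAMPLE_SHADOW = """\
root:$6$rounds=656000$c0nstructedSalt$c0nstructedHashBody:19000:0:99999:7:::
alice:$1$legacyS$c0nstructedMd5Body:18000:0:99999:7:::
bob::19000:0:99999:7:::
svc:!:19000:0:99999:7:::
carol:$y$j9T$c0nstructedSalt$c0nstructedYescryptBody:19000:0:99999:7:::
dave:$5$c0nstructedSalt$c0nstructedSha256Body:19000:0:99999:7:::
"""

# Constructed fragment of /etc/login.defs.
SAMPLE_LOGIN_DEFS = """\
# Constructed sample; real files carry many more settings.
ENCRYPT_METHOD SHA512
SHA_CRYPT_MIN_ROUNDS 5000
"""

# crypt(3) $id$ prefix -> scheme name.
CRYPT_IDS = {
    "1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt", "y": "yescrypt",
}
# Schemes this check treats as acceptable; everything else is reported.
ACCEPTABLE = {"sha256crypt", "sha512crypt", "bcrypt", "scrypt", "yescrypt"}


def classify_hash(field):
    """Return (scheme, rounds) for one shadow password field.

    scheme is a CRYPT_IDS name, "descrypt" for the traditional 13-character
    DES hash, "locked" for !/* entries, "EMPTY" for a blank field
    (passwordless login) or "unknown" for an unrecognised $id$.
    """
    if field == "":
        return "EMPTY", None
    if field.startswith(("!", "*")):
        return "locked", None
    if not field.startswith("$"):
        return "descrypt", None
    parts = field.split("$")
    scheme = CRYPT_IDS.get(parts[1], "unknown")
    rounds = None
    if len(parts) > 2:
        m = re.fullmatch(r"rounds=(\d+)", parts[2])
        if m:
            rounds = int(m.group(1))
    return scheme, rounds


def audit_shadow(text):
    """Return [(user, finding)] for entries that need attention."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, field = line.split(":", 2)[:2]
        scheme, _rounds = classify_hash(field)
        if scheme == "EMPTY":
            findings.append((user, "empty password field allows passwordless login"))
        elif scheme == "locked":
            continue
        elif scheme not in ACCEPTABLE:
            findings.append((user, f"legacy or unrecognised hash scheme {scheme}"))
    return findings


def encrypt_method(login_defs_text):
    """Return the ENCRYPT_METHOD value from login.defs text, or None."""
    for line in login_defs_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.upper().startswith("ENCRYPT_METHOD"):
            return line.split()[1]
    return None


if __name__ == "__main__":
    print("login.defs ENCRYPT_METHOD:", encrypt_method(SAMPLE_LOGIN_DEFS))
    for user, finding in audit_shadow(SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```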
Re:SHA-1 is fine, but go for SHA-512
The SHA family is coming to an end; it's just a matter of time.
An end, but also a beginning; the final selection of the hash algorithm that will become SHA-3 is scheduled for 2012.
The current candidates are all faster than SHA-1 on platforms without hardware acceleration, even with the added security. Unless a weakness is discovered after the standardization, SHA-3 should eventually replace SHA-1 in all security-critical applications.
-
Re:See also "The War on Kids"
"When fossil fuels are exhausted, there may be a mass die-off event within the human species, due to the massive reduction in possible food production and transportation. "
Baloney. Who is feeding this to you? Why? Who profits from your fear?
We have centuries of coal (but it is polluting). Thorium can power our civilization for thousands of years. We have an effectively infinite supply of solar energy. People are working on zero-emissions manufacturing. We can grind up rock to make fertilizer. And so on.
References off the top of my head:
http://www.treehugger.com/files/2009/09/surface-area-required-to-power-the-whole-world-with-solar-power-wind.php
http://nanosolar.com/nanosolar-technology-overview
http://www.neowin.net/forum/topic/993314-thorium-reactor-talk-at-ted/
http://www.nist.gov/el/msid/dpg/slim.cfm
http://www.remineralize.org/
We may even have cold fusion thanks to one of the many people you perhaps wish was never born as he took up too many resources?
http://en.wikipedia.org/wiki/Energy_Catalyzer
Who has infested your mind to what end with so much negativism so that you are less likely to have kids? Who is making money off of that? Are there much uglier imperatives at work in the people who tell you this? Example:
"The Greening of Hate"
http://peakoildebunked.blogspot.com/2005/09/106-greening-of-hate.html
Did the world end when we went through "Peak Whale Oil" a century or so ago? You're still here, right?
Now, we may still blow ourselves up fighting over mis-perceived scarcity. But that is a different problem.
Resources do not exist before the human imagination looks at the universe and turns things into resources. Otherwise, say, we would not have aluminum, produced because some imaginative people figured out how. We would not have solar panels without people figuring out how to make them. And so on.
Here is a quick comparison of the beliefs of say, William R. Catton (who wrote "Overshoot") and Julian L. Simon (who wrote "The Ultimate Resource").
Catton:
* People are the problem
* People consume resources
* People take up space leading to overcrowding
* There is a fixed amount of material resources on the Earth
Thus he predicts (with some glee?) a big die-off.
Simon:
* People are the solution
* People produce resources
* People create spaces worth being in
* The human imagination creates new resources
Now, there is truth to what both of these authors say. But ultimately, you can decide for yourself which path leaning more to one or the other is more likely to produce a future more worth living in, given the truth about solar power, thorium power, grinding up rock, and so on.
Our electricity and natural gas consumption might even go down if we switched to electric cars, by the way:
http://www.evnut.com/gasoline_oil.htm
"To extract one gallon of gasoline (or equivalent distillate): 9.66 kWh (maybe not all in the form of electricity*)
To refine that gallon: 2.73 kWh additional energy (maybe not all in the form of electricity*)
Total: 12.39 kWh per gallon.
*Roughly one-third of the energy content of a gallon of gasoline produced from California wells is input from natural gas. Less than 2/3's is net energy (probably a lot less!).
So I can get 24 miles in my ICE on a gallon of gasoline, or I can get 41 miles (at 30
-
Re:The full range of corporate, I mean, US interes
Small note of interest - China approached the US a few months ago and asked permission to translate the Guidelines for Smart Grid Security into Chinese (which was granted). If you haven't looked at it before, at least look at the introduction - it's pretty comprehensive, and comes from the NIST Smart Grid Interoperability Panel (SGIP), which is a partnership between NIST, academia, and private and public companies (yes, Google too).
-
Re:stupid
I do not trust the government to tell the truth on matters this large. While I doubt bin Laden is alive, I doubt the official version of his death even more.
Let's see..... the US Government announces he is dead:
Obama Announces Death of Osama bin Laden
The terrorist organization he headed announces he is dead:
Text: Al Qaeda statement confirming bin Laden's death
The regional troublemaker with a strong intelligence agency and an avowed enemy of the US announces he was dead before the operation:
Iran's intelligence chief says bin Laden died long before the 'alleged raid'
Family members denounce his death:
The locals are protesting his death:
At this point, I think anyone doubting Bin Laden's death is about ready to star in their own personal Truman Show, and doesn't really need more news or photographs.... maybe a shrink or philosopher. Cogito ergo Bin Laden moritur.
The looney bin is getting crowded. Sanity: step 1, step 2....
-
NIST announced a smaller version in 2004
Here's the press release http://www.nist.gov/public_affairs/releases/miniclock.cfm http://tf.nist.gov/ofm/smallclock/CSAC.html The 2011 version is comparatively huge -- http://www.smartertechnology.com/images/stories/rcjAtomicClockChip.jpg http://tf.nist.gov/ofm/smallclock/CSAC_files/shapeimage_6.png
-
Re:Any physicists here? I think I have some question
A version of the atomic fountain technique should work for samples of a few thousand anti-hydrogen atoms. Cool them in the center of your chamber, release them, and watch for the burst of gamma rays as they hit the bottom of the chamber (or the top if matter and antimatter repel).
If you can't cool them that much send a low-energy beam of them down a long horizontal tube and measure the droop.
-
Re:All the reports say it was one week ago...
Yes, all official stories are true.
Because all conspiracy theories are true?
Asymmetric damage causes symmetric collapse of buildings. It happened three times in one day, it has to be the truth.
I once had an Industrial Arts instructor question my class on what would be a better situation if the building was on fire - that it was framed in wood, or steel. The correct answer is wood, since wood retains practically all of its structural strength until it is consumed by fire, unlike steel, which loses its strength very quickly when exposed to high temperature. So here we come to the heart of the issue - a Roman blacksmith from 2,000 years ago would make a more useful investigator of the building collapse than most "truthers" since he understands the fundamental fact that metals soften and can be reshaped when heated (by the blacksmith's hammer, or the weight of 10 building floors above) - no melting required. When the sprinkler system either doesn't come to the rescue, or is overwhelmed, it's over. For all of the fancy computers, the internet, and leadership of English majors and Philosophy professors, the "truthers" fail to grasp that simple fact. They are baffled by things a blacksmith knows. Because of this they are forced to invent ever more improbable and elaborate explanations that fail the common sense test - "the building was secretly rigged to implode"..... even though when done commercially it requires weeks of work by teams of people, drilling into the beams, stripping away insulation and structural materials, etc., etc.
.... all unnoticed. Trapped by the absurdity of it, the escape routes range from magic thermite mixtures to space aliens. All of this, as part of a conspiracy that killed 3,000 Americans, has somehow been kept secret despite the fact that the US wasn't able to keep secret the waterboarding of a total of three people in 10 years without multiple leaks and widespread howls of outrage that the US bordered on being as bad as the worst criminal states ever, worse than even Germany which attempted genocide and killed millions. Ya, it must be "true". My guess is, whatever they're selling, you're buying.
Debunking the 9/11 Myths: Special Report
NIST NCSTAR 1A: Final Report on the Collapse of World Trade Center Building 7
-
Re:All the reports say it was one week ago...
Osama was one of the few people who could mastermind the destruction of three towers with just two planes.
More on that...
NIST NCSTAR 1A: Final Report on the Collapse of World Trade Center Building 7
-
Re:Interesting radiation readings
Um, no, 1 Sievert = 100 rem, so in 5 hours you would get 50 k rem, and a normal lifetime dose in 9 seconds.
So according to the handy and authoritative ;-) XKCD radiation chart, the emergency workers would get a guaranteed fatal dose if they stayed for 5 minutes.
<handwaving>
Assuming the Iodine has already decayed by now, I thought the next most abundant decay products are Cesium and Strontium with half-lives of 30 years, if that's true then they could work for an hour until fatal dose in about 109 years time. ( 100 Sv/hr present / 8 Sv/hr lethal = 12.5; log(12.5) / log(2) = 3.64; 3.64 * 30 years = 109 years, if I didn't make any mistakes). Then they could work for 15 minutes until an "emergency radiation worker" 100 mSv dose after waiting for a cooling-down period of 239 years (log (100 / 0.1 / 4) / log(2) * 30), amirite?
</handwaving>
If they're not that patient then they have to use robots or something. Who's going to pay to keep the plant guarded from terrorists until the year 2250 until they can decommission it safely? Copyright doesn't even last that long (yet).
I find it very suspicious that nobody's even mentioned measured levels of Strontium-90 because it stores itself in the bones of people building new bone mass (i.e. children). They only talk about measuring Iodine and Cesium but Strontium should also be more than 5% of the fission products, almost as much as the measured Iodine (3%?) and Cesium (12%?)
-
Re:Not so bad to have different systems.
SI is described by NIST at this link.
"soon after the French Revolution, the French Academy of Sciences chose the meridian definition over the pendulum definition [the length of a pendulum having a half-period of one second] because the force of gravity varies slightly over the surface of the earth, affecting the period of the pendulum. Thus, the meter was intended to equal 10^-7 or one ten-millionth of the length of the meridian through Paris from pole to the equator."
"At the end of the 18th century, a kilogram was the mass of a cubic decimeter of water. In 1889, the 1st CGPM sanctioned the international prototype of the kilogram"
Time and length were redefined in terms of a fundamental physical constant, the speed of light in a vacuum, in 1983 because it became easier and more accurate to measure time with "atomic" clocks.
More:
"There is currently interest in redefining some of the SI units in terms of fundamental constants. For the kilogram this would result in the replacement of the metal prototype standard at the BIPM by a definition based on fixing the value of the Planck constant. In addition, the CCU has recommended that the ampere, kelvin, and mole be redefined by specifying exact values of the elementary charge, the Boltzmann constant, and the Avogadro constant, respectively."
-
Re:It says a lot about our country...
I disagree with your statement, "the private sector will ... manage the entire system..."
The private sector will do everything else you said, including compete, but they will not manage it. Start here, then here, but this site is a total waste of your time.
There are already multiple competing Single Sign-On systems -- hardware-based, device-based, and cloud-based. This is only different because it is government run.
-
Direct link
Rather than hittin a journalist site, go direct to the source at
You can trust this isn't a rickroll or a goatse because I'm usin' my trusted internet ID of VLM
The headline made me expect a detailed bit-level cryptanalysis of the new protocol complete with flowcharts, etc. Instead it seems to be the tech equivalent of a bunch of hippies high on weed sitting around a campfire and curing all the world's ills by talking about them.
More like "whitehouse releases a plan to create a plan for a trusted internet ID plan"
-
Re:That's normal
Try again. If you want to argue SI vs IEC units...
GB = (10^3)^3
GiB = (2^10)^3
There is no "Ge".
-
Re:That's Not How It Works
From the NIST NSTIC link in TFA:
# Voluntary: The identity ecosystem is voluntary. You will still be able to surf the Web, write a blog, participate in an online discussion, and post comments to a wiki anonymously or using a pseudonym. You would choose when to use your trusted ID. When you want stronger identity protection, you use your credential, enabling higher levels of trust and security.
Yeah...I trust the government's statements about privacy and security just about as much as I trust anything Blogger Bob says: not at all.
-
Re:Makes it more difficult for victims of fraud
It's a two-part ID. A password (used only locally) to unlock a credential stored on your machine.
It's conceptually much like PGP, or Kerberos with a variety of certificate issuers (not JUST the government; in fact it's not clear that the government will be issuing credentials at all).
At this juncture, they are playing it like they are just in it to set the rules. Do I believe this? No!
See the faq: http://www.nist.gov/nstic/faqs.html
But the point you raise is valid if someone gets ahold of your password AND your computer (or cell phone). With both, they can pretty much pretend to be you, and you are going to be hard pressed to deny it.
Your cell phone is probably the weakest link here. The easiest to steal, and force you at knife point to tell them the password. Tie you up, and they have several hours to empty your account using your phone and your secure credentials and your password.
It's far from perfect. But it's better than a wallet full of credit cards that can be pick-pocketed and used at will.
With online commerce, and NFC banking coming to phones, some more secure method is required than what we have today.
It's not clear to me that a centralized clearing of certificates (even if done by many private companies) is a good idea in light of the various break-ins and data thefts we have had lately. It would seem that one for each of your banks, a different one for your medical records, yet another for work accounts makes more sense than centralizing credential verification into one point of failure.
The principal advantage in this scheme is on-device certificates that do not need to have passwords sent across the net. If done right, it can be a godsend.
If done wrong, and the backend is shared with the government, it's a boondoggle of the first magnitude, and bound to fail, and therefore will have to be made mandatory for any on-line purchases and banking in order for it to be widely adopted.
Watch and see. At the first sign that the public disbelieves this it will be made mandatory.
-
Re:Waste waste waste!
Read about it before you ask questions like that:
http://www.nist.gov/nstic/faqs.html
It's not really a government project.
-
That's Not How It Works
From the NIST NSTIC link in TFA:
# Private: This new "identity ecosystem" protects your privacy. Credentials share only the amount of personal information necessary for the transaction. You control what personal information is released, and can ensure that your data is not centralized among service providers.
# Voluntary: The identity ecosystem is voluntary. You will still be able to surf the Web, write a blog, participate in an online discussion, and post comments to a wiki anonymously or using a pseudonym. You would choose when to use your trusted ID. When you want stronger identity protection, you use your credential, enabling higher levels of trust and security.
-
Re:Shock - Big Business Lies
FISMA certified ( and accredited ) means a great deal more than security planning.
Certified means it was tested by an independent security tester to NIST 800-53, using 53A and all associated security pubs. I won't get into the specifics of the security testing required for this, but it is wide and primarily comprehensive*.
NIST's Risk Management Framework
Accredited means that a government executive read over everything, with the advice of government security engineers, and still thought it was a good decision to authorize government use. Government types are notoriously risk-averse.
NIST goes far beyond what you see in unregulated industries. If you don't understand the control set, you really are not qualified to speak. While there are other regulated industries that may have similar protections, they are few and far between.
* NIST control sets still need improvement in software security
-
NIST, and not quite.
Every agency is responsible for securing their own infrastructure. NIST only provides guidance.
-
Re:Lot of unverified claims here
> Firstly, the fingerprints are not 'taken' but searched.
Pretty sure a warrant needs to be issued for the search part of "Search and Seizure."
> Secondly, I would like to hear more about the "many issues with the accuracy of fingerprints" because in my career as an AFIS engineer, I have never had an issue.
According to a review of NIST's review, "the best of them are accurate more than 99 percent of the time." 99% is pretty inaccurate in my opinion for something like this. That could mean that 1 out of 100 people pulled over may be falsely arrested.
http://www.nist.gov/itl/iad/ig/fpvte03.cfm
http://www.sciencedaily.com/releases/2004/07/040716080142.htm
-
Re:WANT!
Taking out GPS won't disrupt the frequency across the grid. It just makes it much easier to keep synchronized. Highly accurate time clocks are kept already at each location and keep time just fine. GPS just helps keep them synchronized. Even prior to GPS we had land-based methods such as WWVB and WWV before that in North America. Again, the time clocks are already highly accurate and mostly need the initial signal just to set the frequency and time and to calculate drift. Here's one such vendor. They'll run just fine for months (years?) without losing frequency synchronization.
-
m vs. M
You don't have to guess. M = mega, m = milli. There is no ambiguity.
-
Re:Other potential hosts/sponsors
I would expect US NIST Time & Frequency division or US Naval Observatory Time department would be more than willing and able to host the zoneinfo database. Otherwise the time-nuts would likely step in and offer their support. A number of them being long time Unix folk, they wouldn't be total strangers to IANA or various national time authorities.
Apparently, the US National Institutes of Health (NIH)...for some strange reason...has been hosting the project. (Off the top of my head, I know that NIH also developed Image and ImageJ, presumably for their own needs.)
<republican>Sounds like more government waste to me. Why is NIH in this business exactly</republican>
-
Other potential hosts/sponsors
I would expect US NIST Time & Frequency division or US Naval Observatory Time department would be more than willing and able to host the zoneinfo database. Otherwise the time-nuts would likely step in and offer their support. A number of them being long time Unix folk, they wouldn't be total strangers to IANA or various national time authorities.
-
Link to the standard
If anyone is interested in the source material, here it is:
http://csrc.nist.gov/publications/drafts/fips180-4/Draft-FIPS180-4_Feb2011.pdf
Fresh from the press, it seems.
By the way, the SHA-512/224, SHA-512/256, SHA-384 and SHA-512 are only different in their initial hash value, so it is very easy to implement these algorithms. Just change the constant and cut the required number of output bits. Personally, I think it is at least two hash functions too many.
-
Re:I would have thought this closer to 100%
Is your version susceptible to this?
-
Re:Wait, what?
given someone has a password under 6.25 (50 bits / 8) characters, it would be cracked. I would agree with that. That's an absurdly small password
You are dead wrong when you assume a single password character means 8 bits of entropy. The best possible password that can be typed using a normal keyboard (94 printable characters, without keyboard gymnastics, euro-sign, etc.) has about 6.6 bits of entropy per character assuming the characters are uncorrelated and a high quality RNG is used as the source (huge assumptions). From the reference cited, 92 percent of passwords don't have any special characters. A lower-case + numbers password has only about 5 bits of entropy per character.
Worse yet, the vast majority of people will not use a truly random password, with a uniformly distributed character set. The examples provided as the longest passwords, and probably some of the best passwords in the list, "fool2thinkfool2thinkol2think" and "dokitty17darling7g7darling7", have 4 lower-case words (12 bits of entropy each) and 4 numbers with 2 digits (7 bits of entropy each), for a total of 76 bits of entropy, and I'm being generous. That's just 2.8 bits of entropy per character! Real-world passwords indeed.
Regarding your claim about a 400-bit entropy password, allow me to doubt it. You might have a 50-character passphrase, but if it's lowercase English text its entropy can be estimated as follows:
The first character is taken to have 4 bits of entropy, the next 7 characters are taken to have 2 bits of entropy each, the following 12 characters are taken to have 1.5 bits of entropy each, and subsequent characters are taken to have 1 bit of entropy each.
That gives you about 66 bits of entropy according to NIST. You might have a 400-bit passfile, but in that case you could also generate a 400 Kbyte passfile; it doesn't really matter. The whole idea of passwords is that they authenticate the person (something you know, and can realistically remember) and not the machine (something you have, or can easily copy).
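The NIST estimate quoted in this comment, worked through as an added example (not the commenter's code): it implements the user-chosen rule (4 + 2 + 1.5 + 1 bits) next to uniform-random models for the 94-, 36- and 26-symbol alphabets and the parent's 8-bits-per-character assumption, and asks how long a password each model needs to reach the 66 bits a 50-character passphrase gets. The 3.3 billion guesses/s rate is the GPU MD5 figure from the password comment earlier on this page, used only for scale.

```python
import math


# Entropy of a uniformly random password of `length` characters drawn from an
# alphabet of `alphabet_size` symbols: 94 printable ASCII gives ~6.55 bits per
# character, 36 (lowercase + digits) ~5.17, 26 (lowercase) ~4.70.
def random_password_bits(length, alphabet_size):
    return length * math.log2(alphabet_size)


# The rule quoted in the comment: 4 bits for the first character, 2 bits for
# each of characters 2-8, 1.5 bits for each of characters 9-20, then 1 bit per
# character. (NIST SP 800-63 Appendix A also grants bonuses for composition
# rules and dictionary checks; those are left out here.)
def nist_user_chosen_bits(length):
    bits = 0.0
    for position in range(1, length + 1):
        if position == 1:
            bits += 4.0
        elif position <= 8:
            bits += 2.0
        elif position <= 20:
            bits += 1.5
        else:
            bits += 1.0
    return bits


# The parent's assumption of a full 8 bits per typed character.
def naive_eight_bits(length):
    return 8.0 * length


# Smallest length at which `model(length)` reaches `target_bits`.
def length_for_bits(target_bits, model, max_length=1000):
    for length in range(1, max_length + 1):
        if model(length) >= target_bits:
            return length
    return None


# Expected time to find a password of `bits` entropy at `rate` guesses per
# second, assuming half the keyspace is searched on average.
def expected_crack_seconds(bits, rate):
    return 2.0 ** (bits - 1) / rate


MODELS = {
    "naive 8 bits/char (parent's assumption)": naive_eight_bits,
    "random, 94 printable ASCII": lambda n: random_password_bits(n, 94),
    "random, lowercase + digits": lambda n: random_password_bits(n, 36),
    "random, lowercase only": lambda n: random_password_bits(n, 26),
    "NIST user-chosen estimate": nist_user_chosen_bits,
}


def lengths_needed(target_bits):
    """Password length each model needs to reach `target_bits` of entropy."""
    return {name: length_for_bits(target_bits, model) for name, model in MODELS.items()}


if __name__ == "__main__":
    target = nist_user_chosen_bits(50)  # the comment's 50-character passphrase
    print(f"50-char lowercase English passphrase, NIST estimate: {target:.0f} bits")
    for name, length in lengths_needed(target).items():
        print(f"  {name}: {length} characters")
    # 3.3e9 guesses/s is the GPU MD5 rate cited in the password comment above.
    days = expected_crack_seconds(50, 3.3e9) / 86400
    print(f"50 bits at 3.3e9 guesses/s: about {days:.1f} days on average")
```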
-
Re:Mr. Schmidt Goes to Washington
I concur on going to DC, but I bet he will be more useful on a different tack...
National Strategy for Trusted Identities in Cyberspace
Next Steps to Enhance Online Security
-
Re:Soon?
All good questions and guesses! You should go get a Physics Ph.D., it is much fun!
After the Big Bang occurred the matter was very very hot. So it looked basically like fire. But since the entire universe was "on fire" and light has a finite propagation speed, we can still see light just reaching us now from very far away places in the universe: the Cosmic Microwave Background.
It has many interesting properties. First, as you point out you can measure our speed relative to it. Secondly, it has a very long wavelength which is due to expansion of the universe - the places farther away are moving away from us.
The expansion of the universe is actually very very small even on the scales of a solar system or galaxy and starts to matter on the intergalactic scales. It is characterized by Hubble constant= 70 (km/s)/Mpc - for each million parsecs the speed goes up by 70 km/s. For comparison, Earth's orbital speed is 30 km/s and the size of the entire Milky Way (our galaxy) is only 30 thousand parsecs.
Yes, there is a time dilation effect.
Btw, speaking of the time dilation effect, the scientists at NIST have recently built an atomic clock based on a single Aluminum atom that is so accurate that they can see time dilation from Earth's gravitational field. They measured the rate of their clock, then raised the setup and measured a faster rate: clocks slow down in a stronger gravitational field, and Earth's field decreases by a small amount as you get further away from Earth.
-
NIST is all over the Smart Grid effort too
Summary left out a number of Smart-Grid related efforts NIST is heading up, all of which involve large numbers of private sector corporations and engineers.
See the following:
NIST Smart Grid overview
as well as this page:
Who is involved?
Because the Smart Grid will touch so many aspects of life in the 21st century, the development of standards involves a wide range of stakeholders—national and international, private and public, large and small. This simplified illustration (see below) shows the many complex relationships and interactions that will take place within the Smart Grid, as electricity and/or information flows back and forth.
As part of the overall Smart Grid coordination effort, NIST is also pushing security issues for the Smart Grid, which is somewhat reassuring.
-
Re:Won't Be Long...
Yeah really:
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
Look at the bottom of Page 12 (20th page of the PDF)
Also see:
http://www.anti-forensics.com/disk-wiping-one-pass-is-enough
-
Maybe something from this NIST report?
The Economic Impacts of Inadequate Infrastructure for Software Testing finds an average ROI for software testing somewhere between about 100% and 1000%.
-
Re:Being a mathematics undergraduate...
Trigonometric functions especially are always treated as little boxes that magically calculate what you need.
Amen to that — and the sad bit is that the truth is both simpler and more beautiful than SOH CAH TOA ever was. The chapter in Euler's "pre-calculus" textbook Introductio in analysin infinitorum* that introduces the trigonometric functions is entitled "On Transcendental Quantities Which Arise from the Circle." Small wonder sines and cosines "often arise in applications." Mutatis mutandis for Bessel functions, say, or spherical harmonics. Speaking of Bessel, while he never got around to a university education, he was the first person to calculate the distance to a star with reasonable accuracy — and it sure wasn't "easy"!
Seriously, though, if I catch your meaning correctly, I wholeheartedly agree — for math majors, at least, mathematics should be very far removed from mindless calculation — a large part of mathematical research involves trying to understand calculations well enough to know when they're unnecessary — or if they're even possible. After all, many of the things we'd really like to calculate are, in some sense at least, "incalculable."
As an aside, if you like calculus: try solving the differential equation
x'' = cx
for a few "natural" values of the parameter c and initial values x(0) and x'(0), say
c = -1, x(0) = 1, x'(0) = 0
or perhaps
c = -1, x(0) = 0, x'(0) = 1.
Practically speaking, a course in "mental arithmetic" seems like it'd be far more useful — for future mathematicians as much as everyone else — than a semester spent memorizing antiderivatives of inverse hyperbolic functions and Stewart-esque "strategies" for trigonometric integrals**, with little or no time spent on why they work — which actually is both interesting and instructive. When it comes down to it, it's more a matter of accident than design — students whose primary focus is science or engineering really do "just need the damn formulas," assuming they're unwilling to wait until grad school for a first course in, say, electromagnetism, so they have time to learn enough linear algebra and differential topology to prove the general Stokes' theorem beforehand.
As for "abstract algebra," it's interesting to note that authors — van der Waerden, say, or Artin, or Mac Lane — who actually studied with Noether and Hilbert never seemed to use the phrase: for the first few decades, it was "modern" algebra, then simply "algebra." Perhaps this is because it's essentially the same subject we all studied in high school.
Moreover, homology and category theory both arose from concerns largely inspired by mathematical physics. The former, rather transparently; as for the latter, think about Courant's proof of the original "natural transformation" for a bit. This is my vote for the most beautiful theorem in all of mathematics. This paper of Mac Lane's is also interesting and instructive.
Cheers,
Jason
* I don't read Latin either — an English translation is available, and worth every penny. Recall that Euler knew a few things about trigonometric functions.
-
Re:What does wireless have to do with onlive?
And how are those cloud-relevant, please? I can only read 'network' and 'multi-player' in there.
In this case, "cloud" is being used as a marketing term, as it doesn't really hold up to NIST's definition of what cloud computing is... though with the five essential characteristics, you could shoehorn "cloud gaming" into loosely meeting those characteristics.