Hmmm. but in TFA itself, Oberg says this at the end of debunking the myth that the astronauts were instantly killed:
Official NASA commemorations of "Challenger's 73-second flight" subtly deflect attention from what was happened in the almost three minutes of flight (and life) remaining AFTER the breakup.
That really doesn't sound like he's defending NASA. Rather, it sounds like he's saying NASA doesn't want you to think about what happened to the poor bastards in the 3 minutes between the destruction of the orbit and the impact of the crew section with the ocean. It sounds like he's saying they had a hideous last 3 minutes of life, and NASA doesn't want you to think about that.
Thanks for the info! Nice to hear from someone who knows. I had the vague impression that the honeycomb depended for its structural integrity on the composite skin, sort of like a monocoque design in car bodies, so that damage to the 'skin' can result in too much stress to the substructure, hence overall failure. Is this possible?
Most people would find little discrepancy between a person being subjected to violent trauma, going unconscious or into extreme shock, and dying within a minute and dying instantly.
Hmmm. Imagine you accidentally cut your arm off with an industrial saw, and in the middle of inconceivably enormous pain, you notice your severed artery spraying blood in an eight-foot arc. Would you see only a little discrepancy between the bystanders offering to help you instantly and within a few minutes?
The reason Oberg mentions this "myth" is that it is a comforting illusion to think that those in the orbiter never knew what hit them. Even 30 seconds is plenty of time to realize you're about to die horribly, or to experience enormous pain, and everyone (else) realizes this, and tends to wish they didn't so hard that they talk themselves into believing the evidence says they didn't. Oberg dispels this illusion.
Any rational person would recognise the inherent danger in strapping themselves to the side of an enormous tank of liquid oxygen and lighting it.
Leaving aside the minor fact that oxygen doesn't burn -- you were probably thinking of the fuel (liquid hydrogen) -- have you reflected on the fact that you routinely climb into vehicles stuffed with enough dangerously flammable fuel (gasoline) to burn you to a crisp, and pilot them at high speed down paths strewn with thousands of moving obstacles, under visual flight rules only (no radar, automatic pilot, et cetera), with no parachute or ejection seats? Sounds kind of nutty when you put it that way, doesn't it?
I look forward to the day when a spacecraft accident is no more notable than an automobile or airplane accident.
Not I. Tragic accidents like this mean we're living on the cutting edge of our technology, pushing the envelope of what we can do, standing on tip-toe and reaching as high as we can. As long as those who risk their lives do so with eyes wide open, let it rip. I want to live in interesting times, and in a culture that has balls of brass.
If we insist on exploration being safe, we've just pussified ourselves, turned away from the frontier 'cause it's scary and dangerous, and it'll only be a matter of time before some new kid on the block culture comes along and shoves us unceremoniously out of their way, into the ashcan of history, like the barbarians did to the Romans and we did to the British Empire.
I didn't realize until this thread just how young most Slashdotters must be.
Boy, you said it. Second grade? Sheesh, I'd just advanced to candidacy for my Ph.D. when Challenger came to pieces...
I remember being stunned, however. Shuttle launches had certainly come to seem utterly routine. And besides, it had also come to seem that when there were troubles in space, some ingenious team always came through and jury-rigged a solution, a la Apollo 13.
Maybe it's a generational thing? Maybe it's just hard to feel it if you were a little kid at the time. After all, I don't feel the same way about the Apollo 1 fire, perhaps because I was 5 or 6 at the time.
Columbia's crew died because small pieces of foam falling off tanks got to be routine, and eventually after 100 missions a big one fell off...
You know, I've always wondered what part composite aging might have played. Materials scientists tend to know little about how composite materials like the RCC panels age, especially in the harsh environment they had to endure -- radiation, violent temperature swings, et cetera -- and especially over the 20 years or so between Columbia's fabrication and the accident. Plus, unlike metals, composites are a bit notorious for showing no outward signs at all that they are about to fail, for looking perfectly sound even when they are so rotten that they'll suddenly and catastrophically fail under stresses they easily stood before.
Here for example is a story about some of the problems the USAF is running into now with the F-15 wing, which is composite and approaching 20 years old in many aircraft, e.g. the linked article notes an F-15 coming apart midflight in 2003 because of a sudden failure of the wing, and yet routine inspections every 200 hours had shown no signs of incipient failure.
If Columbia's accident was the result of this kind of failure, it's a lot harder to blame the designers, engineers, and even management for failing to prevent it -- because it involved the emergence without any warning of a completely unforeseeable materials failure mode. Essentially, the impact of the foam was a trivial hazard, easily withstood by the airframe for almost all of the 20 years Columbia flew. And then, by incredibly bad luck, the aging of the RCC material made the stuff just suddenly become ridiculously fragile, to the point where an oversize bird turd could crack it. And it did so with no outward signs of weakness at all.
That would make Columbia's accident pretty much a pure act of God, beyond the ability of mortal men to foresee and prevent. Indeed, I think one of the lessons of Columbia should probably be that these things still happen, that materials and systems can fail in totally unforeseen ways, even with the best engineering talent and the best management will in the world.
We're probably close to agreement. I just ask you to consider the fact that we're so familiar with making paper secure that we just take the appropriate procedures for granted and tend not to be aware of how problematic and worrying they probably seemed to our great^n grandparents when they first had to consider trusting to paper instead of personal agreements between people who knew each other. (Remnants of this survive in our legal system, where paper evidence is inadmissible without the personal testimony of a witness.)
Conceptually, the same can be done with the electronic communication. You just need new paradigms, that's all. New ways of thinking about the strengths and weaknesses of the medium, and what procedures will take advantage of the former and compensate for the latter. It can be done. What I'm a little dismayed by here is how many of the very community that could do it are so pessimistic. It's almost like proposing to fly 50 people to Mars and the aerospace engineers all pull a long face and start to talk about how impossible it is, ask whether man was meant to fly anyway, and wouldn't you just like to send a 50 pound satellite into orbit, because we know how to do that reliably...
Eh, you need to duck in the time machine and zap back to about 1990 or so. The typewriters had already been replaced with computers, but, no, just about all the secretaries did with them was process words. There wasn't much of an Internet, for one thing.
Ach, don't take my analogy too concretely. Sure, being undisturbed is not the same as having a provable audit chain. But there are plenty of conceptual similarities. And my overall point was simply that it is not obvious that the ability to guarantee an algorithm runs to completion in the way expected (the deposit money gets to the bank, and to the right account; the jewels make it from storage to the Queen's head for the coronation without being replaced by fakes; the vote that's counted is the vote that's cast; and so on) -- I say, it's not obvious that the ability to make sure an algorithm runs as expected is always best guaranteed by a primitive technology and plenty of ignorant human labor. Sometimes a good mechanism and fewer, but more educated people, is a much more reliable way to go.
I realize the people own the election. But I disagree with you that they are dumb -- they are merely ignorant (about computers, for example). And that makes all the difference. People are quite good at picking good cars to buy, for example, even though few of them really understand the technology under the hood. Why is that? Because they are good at evaluating a web of social trust relationships that allows them to, so to speak, tap into the minds of the actual experts. Roughly speaking, ordinary people are very good at deciding whether a given technological expert is to be trusted or not. So they figure out whether a given auto company's engineering boasts are valid or not, and buy the right car.
In the same sense, with the proper system, people could figure out whether or not to trust the technical expert who, in turn, would guarantee the quality of the election.
Look, it happens all the time. With some hiccups (Beta) the best technology usually wins out in the public marketplace, despite the fact that very few people actually evaluate it, or can evaluate it, for themselves. Again, I just don't think voting is so unique a human endeavor that it can't fit into the same social process.
I didn't say it doesn't matter, I said it doesn't much change the legitimacy of the vote.
What you're saying is that the current system is highly unstable, that very small perturbations can produce drastically different outcomes. If this is the case -- and I'm actually not agreeing it is -- then I submit there is no future in trying to eliminate every last possible source of tiny perturbation. There will always be one more weird little influence that can tip things one way or the other, if the system is that unstable. The only lasting solution is to fix the system so it's no longer unstable, i.e. get to a situation where minor perturbations in who votes for what and who doesn't much change the outcome.
MD or MC simulation for systems with long relaxation times. My particular target was solution macromolecular conformational relaxations, e.g. polymer backbone twists and turns.
See, with that big polymer backbone you can't break the system up into cells or anything, and you can't divide up the problem in the time domain, because of course what happens at t+dt depends very much on what's happened at t. So you're stuck, you've just got to do the simulation in a single thread.
You can use multiple processors to better your statistics. That's just running the simulation over and over again from similar initial conditions, and since every simulation is fully indepedent you can just run them on multiple machines or whatever -- there's no advantage to any finer-grained parallelism. This is nothing to sneeze at, but it's still mostly just making nice smooth graphs for the publication.
The kinds of stuff I was trying to do involved up to multiple millions of timesteps, to the point where I started to worry (in the MC case) about the random-number generator, ha ha.
Well...my work (scientific computing) put a premium on sheer scalar speed, and for that the RISC architecture was great and the x86 CISC paradigm a drag. Once you learned how to write code in a certain way, DEC's compilers could make amazingly fast code out of it for the Alpha.
In case you're wondering, no, parallel computing was never a good option. There's a large class of scientific problems that just don't work very well in parallel, because of large-wavelength correlations that make it painful in the extreme to write a parallel algorithm, if you can do it all.
Man, that was a sweet processor. I recall comparing my spanking new DEC Alphastation to the Cray down at San Diego Supercomputing Center in 1995, and there was just about no difference. That machine flew.
Funny thing how Digital's hardware dominance seemed to just dry up and blow away, tho'. I seem to recall in the 80s and 90s it was the place to be if you were a hot and ambitious hardware hacker. Wonder what happened?
Well, the total price of getting the 200 kg copper slug to Mars is about $450 million, according to TFA, which works out to just over $2 million per kilogram. The value of the copper itself is trivial by comparison. (That is, it costs far less to dig up and refine 200 kg of copper than it does to shoot it to Mars.)
Heck, they could make the slug out of pure gold ($20,000 per kilogram) without changing the price of the mission noticeably.
It is imperative that any voting system have a physical object representing each vote...
Well, if you say so. Everyone's entitled to make their own decision on this. But how do you deal with the fact, that if you're like most people these days, you're paid directly into your bank account, pay most of your bills by electronic transfer, and have most of your retirement kitty locked up in shares traded electronically on the NYSE? There's no physical objects representing your wealth, you know. No greenbacks in a vault somewhere, no lumps of gold in a strongbox. If the computers all wigged out, you could be flat dead broke tomorrow morning, if you haven't thoughtfully saved each and every one of your ATM receipts, pay stubs, canceled checks, credit card bills, et cetera and so forth, and even then it'd be a right struggle to get it all back.
Fact is, it's the digital age. We need to deal with this, find new ways of building trusted information exchange. I suspect the paper vote is going to go the way of paper money, sooner or later, no matter what. Best get busy figuring out ways to do it safely. Which, I certainly agree, includes doing something that makes you and folks like you confident that the system is reliable.
Right you are. Now, ask yourself whether you personally are aware of -- or have even worried about -- exactly how and by whom your paper vote is counted, and how and by whom and with what security that vote tally is transmitted to the capital for the Secretary of State to certify the election. If you're like most people, the answer is no. People just drop the ballot in the box and trust that it's all going to work out, at least until they start seeing scary stories on Nightline. Hell, people have to be taught about the existence of the Electoral College every four years.
What's the difference? Well, people have seen hairy photos of airplanes crashing. We've all seen films of Hiroshima. So, people worry about the security of ATC software or nuclear weaponry. But aside from the goofball antics in Florida in 2000, which, except to the usual sprinkling of Oliver Stone disciples tends to be nowadays rather a yawn of an issue, not much has gone badly wrong with voting, electronic or not. If a county supervisor has been slightly fraudulently elected, well it matters a lot to he and his local supporters, but not so much to citizens four states over, for whom life will go on pretty much as it has.
Which brings us to the larger point: I suggest there are in the end two possibilities here: (A) Any fraud through electronic voting is so minor as to be unimportant, or (B) it will not succeed.
Case A: Someone tampers subtly enough with the vote tallies that a very close election (e.g. Bush v. Gore) gets decided one way versus another. Disaster? Hardly. What people overlook about close elections, and Bush v. Gore in particular, is that the fact that the vote is so close is just another way of saying that both candidates are essentially equally preferred by the people. So for the purposes of representing the will of the people either will do, to within very small error margins. That's not to say the results of electing one versus the other might not be very different. Al Gore would have made a very different president than George Bush (albeit less different, I think, than Gore voters hope or Bush voters fear). But the legitimacy of electing either one is essentially identical. You can't, unless you're a Jesuit, say that someone for whom 60,000,001 people voted is significantly more "the people's choice" than someone for whom 59,999,999 people voted.
In effect, slight fiddling in very close elections doesn't matter much. You're not changing the basic principle of elections -- that the winner represent the will of the people -- very much, if at all. You are doing not much more than is done by a million small random factors anyway, e.g. whether it is raining or not on election day, whether candidate A wore a nicer tie than candidate B in their last televised debate, and so on ad infinitum. If an election is so close as to be determined by tiny, trivial factors, there are a billion of them, and fraud is not obviously the most important.
Case B: Now if you change vote tallies enormously, in elections that are nowhere close, then, er, I think someone's going to notice. If for example you change Orange County vote tallies so that it goes 80% Democratic, or Santa Barbara tallies so it goes 80% Republican -- well, people are going to notice. They're going to say: WTF? This has never happened before. No one I know voted this way; it's not consistent with pre-election polls, it makes no sense with demographics, it's not consistent with other parts of the State, et cetera and so forth. Really, in the end we judge the legitimacy of an election not just because the Secretary of State announces the results using his serious grown-up voice, but also because in many large and small ways, the result "fits" with other facts we know.
So in this case, there would be a huge hue and cry, and the results wouldn't stand. People would demand a recount, and if one were not available, a new election. And they'd get it. And then they'd lynch the designers who made the fraud possible.
Sigh. Look, why have we replaced armed guards with Medico deadbolts, security cameras, and motion-detection alarms? Lack of dumb oxen hireable off the waterfronts with the willingness to mix it up with intruders? Hardly. We've found that under certain circumstances, you can get the same level of security at less expense by well-designed mechanical systems, backstopped at fewer points by human guardians. Instead of hiring 12 security guards to beat perimeter, you hire 1 better-trained guard to sit in an office and watch camera screens and monitor the motion detectors. Does that mean he needs to be able to understand at some level the technology of CCTV cameras and infrared motion detectors, at least know their strengths and limitations? Uh, yeah. Is that a problem? No, not really, because you need sufficiently fewer of the better-trained guards that it compensates for the fact that each must be more intelligent, more reliable, and better trained. You trade in a dozen low-salary worker ants for one soldier ant who's paid somewhat less than twelve times as much.
Back to elections. If you design your electronic voting system properly, then by definition you don't need half a million barefoot technophobic UN workers to monitor your election. Instead, you need a far smaller number of far better-trained workers to monitor critical points in the system. Just like the guard savvy about video tech sitting in his central office.
And how does Joe Sixpack verify the trustworthiness of the system himself? He doesn't. In the same way he doesn't personally do a fluid-dynamics calculation of the lift-to-drag ratio of every airplane he flies, doesn't understand how ABS brakes, airbags or cholesterol-lowering drugs work before he trusts his life to them, and doesn't know how the ACH electronic check-clearing system reliably transfers his debit payment (and not his entire bank balance) to the gas company. There is a web of trust, in certain experts with certain government-issued certificates, in the presence or absence of news stories about problems in the system, and even in word-of-mouth rumor, that let Joe assess the trustworthiness of all these systems indirectly. I see no reason why voting in particular has to be different.
Finally, just because you can't subvert a system which relies on paper and chains of human watchers with fancy technological tricks that bemuse them doesn't mean the system can't be hacked. Not at all. You just have to do a little psychological hacking instead, e.g. bribery, sleight of hand, intimidation, a con, et cetera. If voter fraud was committed in Iraq -- and I'm sure it was, in places -- it was done in the old-fashioned, low-tech way, and despite the presence of election watchers. In short, relying on paper to prevent fraud would be just about as foolish as relying on electrons. It's not the technology. It's whether it's used correctly.
Ach, no, this focusses on only the most concrete aspects of the audit trail. Sure, a given piece of paper is write-only. So what? A vote isn't equal to a piece of paper. It's equal to one particular piece of paper. What's really important is not the fact that we can guarantee that this piece of paper has been written on only once, but that we can guarantee that this piece of paper has been written on by the voter. You don't commit voter fraud with paper ballots by erasing the mark. You do it by substituting another marked piece of paper for it -- by transferring the "blessing" that transforms a marked piece of paper into a vote to another marked piece of paper.
Similar with the ballot box. It's hard to change the number of ballots in a given ballot box. So what? What's important is that this box full of paper was filled by voters, and not the one I've got hidden in the back of my black Cadillac with the heavily tinted windows. You commit fraud at the box level by replacing the real ballot box with a different box -- by once again moving the "blessing" that transforms a box of paper into a box of votes. And, yes, you could therefore in one quick and easy step replace 5 paper ballots with 31337.
Finally, the Secretary of State certifies an election without personally handling each and every ballot, or even seeing each and every ballot box. So there is the communication from precinct captain to supervisor to the capital to consider. You commit fraud at this level by getting to the right people, or fudging the communications, or some combination of these. Once again, it's about moving the "blessing" from certain communications to others.
In short, I don't worry much about the naked complexity of the computer code required -- we're just trying to tally votes, after all, not fly Space Shuttles at Mach 25 or predict solar photosphere dynamics -- and more about the overall system design. As I said, I think the key issue surrounding electronic voting -- or any voting -- is a system able to prove to anyone fairly easily that the audit chain is complete. That is, which can prove that no one was able to modify the tally on the disk drive or that no once was able to replace a ballot box with another of his choosing just after the polls close.
It's not the expense of the ballots boxes and paper. It's the expense of the trusted, reliable human beings to prepare them, move them about, and count them.
Compare to the expense of replacing typewriters with computers. Why does this makes sense, economically? It's not that computers are cheaper than typewriters, but that good secretaries are expensive. And if you can set it up so they spend less time formatting paragraphs, because a machine is doing the job, you save money.
Furthermore, the level of security demanded of the two systems is wildly different, so there's a bit of apples and oranges here. People demand bulletproof security from the electronic system, so that it can be deemed secure against even well-funded, persistent and diabolically clever enemies. But they are willing to accept an existing paper system that has laughable security -- a cardboard box carried by two senior citizens, forsooth -- where it would be perfectly plausible for a committed and well-funded fraudster to corrupt the voting. If we insisted on equal security for the existing system -- a platoon of armed guards around each voting location, say, as well as requiring voters to show two photo IDs before voting, cross-checked instantly against government records -- it would be hideously expensive.
The fact is, voter fraud is fairly uncommon in the US largely because it's cheaper and easier in the long run to win elections by other means. Why try to steal an election for $100 million when you can just buy it on the open market? (By hiring media consultants and spin doctors, blanketing the airwaves with ads, commissioning push-polls, buying off bloggers, yadda yadda.)
Could be. But what's your point? That the Diebold electronic voting system in particular is crappy software and should not trusted? Or that electronic voting itself is a disaster waiting to happen, something we are just not smart enough as a species to implement securely?
If the former -- sure, OK, if you say so. I have no relevant information to challenge the conclusion. You could be right.
If the latter, I don't agree at all. The fact that one particular design might be upgefucked is no reason to abandon the project as hopelessly beyond our competence.
It is. And it's a very important cautionary tale, I agree. It's hard to be too careful in areas like this. But...a coupla points:
(1) The Russians are different. The Soviet model always put its reliance on layers of human inspectors and inspectors of inspectors. They have far less historical experience in building reliable mechanical systems, and this has always shown up throughout their military structure (and for that matter in their aerospace ventures as well). As a consequence, I would not be surprised to find them a little hazy on exactly how far to trust software, how to properly configure it, use it, verify its operation, et cetera.
Parethetically, there is evidence that the Soviets have always been appallingly sloppy in their handling of nuclear material, e.g. Thomas Reed's autobiographical book notes the story that unskilled janitorial workers at one Soviet weapons plant were told to clean up plutonium dust with pans and brushes, and not so much as a paper breathing mask.
Moral of the story? Do not dive into technology -- do not assign critical functions to it -- unless you have a long experience dealing with it and understand its abilities and limitations thoroughly. When it comes to computer command and control the US has this, at least in some areas. The Russians do not.
(2) It's unclear whether the Russians found a flaw in an official and trusted DoE program, or whether they borrowed some sketchy design ideas from some nice people outside the fence at LANL and found that, gosh, it's a little tricky going from beta software to trusted final product. The rebuttal by the DoE strongly suggests the latter.
(3) DoE keeping track of nuclear material isn't the same level of audit-trail concern as DoD keeping track of weapons or weapons codes. There's as much or more difference between nuclear materials and a nuclear bomb as between steel ingots and a machine gun.
(4) I'm underwhelmed by the defense security expertise and cold-eyed objectivity of an organization (CDI) whose board consists of boutique ice-cream magnates (Ben Cohen), actors (Paul Newman, Joanne Woodward), social scientists (Steve Ungerlieder, psychologist, and Barbara Winslow, CUNY Women's Studies Program), and a few retired military officers, who may or may not have had senior-level experience in nuclear weapons command and control. I'm not saying they don't know what they're talking about because they seem to be amateurs -- that would be an ad hominem argument -- but I do suggest the background of the messenger does not lend weight to the message, in this case.
In short, as always, it is not really news that mechanisms are only as good as their designer, and should always undergo testing and verification appropriate to the level of trust one has to place in them.
Slashdot Mirror
Hmmm. but in TFA itself, Oberg says this at the end of debunking the myth that the astronauts were instantly killed:
Official NASA commemorations of "Challenger's 73-second flight" subtly deflect attention from what was happened in the almost three minutes of flight (and life) remaining AFTER the breakup.
That really doesn't sound like he's defending NASA. Rather, it sounds like he's saying NASA doesn't want you to think about what happened to the poor bastards in the 3 minutes between the destruction of the orbit and the impact of the crew section with the ocean. It sounds like he's saying they had a hideous last 3 minutes of life, and NASA doesn't want you to think about that.
Thanks for the info! Nice to hear from someone who knows. I had the vague impression that the honeycomb depended for its structural integrity on the composite skin, sort of like a monocoque design in car bodies, so that damage to the 'skin' can result in too much stress to the substructure, hence overall failure. Is this possible?
Most people would find little discrepancy between a person being subjected to violent trauma, going unconscious or into extreme shock, and dying within a minute and dying instantly.
Hmmm. Imagine you accidentally cut your arm off with an industrial saw, and in the middle of inconceivably enormous pain, you notice your severed artery spraying blood in an eight-foot arc. Would you see only a little discrepancy between the bystanders offering to help you instantly and within a few minutes?
The reason Oberg mentions this "myth" is that it is a comforting illusion to think that those in the orbiter never knew what hit them. Even 30 seconds is plenty of time to realize you're about to die horribly, or to experience enormous pain, and everyone (else) realizes this, and tends to wish they didn't so hard that they talk themselves into believing the evidence says they didn't. Oberg dispels this illusion.
Any rational person would recognise the inherent danger in strapping themselves to the side of an enormous tank of liquid oxygen and lighting it.
Leaving aside the minor fact that oxygen doesn't burn -- you were probably thinking of the fuel (liquid hydrogen) -- have you reflected on the fact that you routinely climb into vehicles stuffed with enough dangerously flammable fuel (gasoline) to burn you to a crisp, and pilot them at high speed down paths strewn with thousands of moving obstacles, under visual flight rules only (no radar, automatic pilot, et cetera), with no parachute or ejection seats? Sounds kind of nutty when you put it that way, doesn't it?
I look forward to the day when a spacecraft accident is no more notable than an automobile or airplane accident.
Not I. Tragic accidents like this mean we're living on the cutting edge of our technology, pushing the envelope of what we can do, standing on tip-toe and reaching as high as we can. As long as those who risk their lives do so with eyes wide open, let it rip. I want to live in interesting times, and in a culture that has balls of brass.
If we insist on exploration being safe, we've just pussified ourselves, turned away from the frontier 'cause it's scary and dangerous, and it'll only be a matter of time before some new kid on the block culture comes along and shoves us unceremoniously out of their way, into the ashcan of history, like the barbarians did to the Romans and we did to the British Empire.
Looks like 3-5 psi is probably a better estimate.
I didn't realize until this thread just how young most Slashdotters must be.
Boy, you said it. Second grade? Sheesh, I'd just advanced to candidacy for my Ph.D. when Challenger came to pieces...
I remember being stunned, however. Shuttle launches had certainly come to seem utterly routine. And besides, it had also come to seem that when there were troubles in space, some ingenious team always came through and jury-rigged a solution, a la Apollo 13.
Maybe it's a generational thing? Maybe it's just hard to feel it if you were a little kid at the time. After all, I don't feel the same way about the Apollo 1 fire, perhaps because I was 5 or 6 at the time.
Columbia's crew died because small pieces of foam falling off tanks got to be routine, and eventually after 100 missions a big one fell off...
You know, I've always wondered what part composite aging might have played. Materials scientists tend to know little about how composite materials like the RCC panels age, especially in the harsh environment they had to endure -- radiation, violent temperature swings, et cetera -- and especially over the 20 years or so between Columbia's fabrication and the accident. Plus, unlike metals, composites are a bit notorious for showing no outward signs at all that they are about to fail, for looking perfectly sound even when they are so rotten that they'll suddenly and catastrophically fail under stresses they easily stood before.
Here for example is a story about some of the problems the USAF is running into now with the F-15 wing, which is composite and approaching 20 years old in many aircraft, e.g. the linked article notes an F-15 coming apart midflight in 2003 because of a sudden failure of the wing, and yet routine inspections every 200 hours had shown no signs of incipient failure.
If Columbia's accident was the result of this kind of failure, it's a lot harder to blame the designers, engineers, and even management for failing to prevent it -- because it involved the emergence without any warning of a completely unforeseeable materials failure mode. Essentially, the impact of the foam was a trivial hazard, easily withstood by the airframe for almost all of the 20 years Columbia flew. And then, by incredibly bad luck, the aging of the RCC material made the stuff just suddenly become ridiculously fragile, to the point where an oversize bird turd could crack it. And it did so with no outward signs of weakness at all.
That would make Columbia's accident pretty much a pure act of God, beyond the ability of mortal men to foresee and prevent. Indeed, I think one of the lessons of Columbia should probably be that these things still happen, that materials and systems can fail in totally unforeseen ways, even with the best engineering talent and the best management will in the world.
I should remind you, that America in the 1980's had lots of social conflict lying just below the surface.
It did? Gosh, I don't remember that. And I'm old enough to have voted for Reagan. Twice.
We're probably close to agreement. I just ask you to consider the fact that we're so familiar with making paper secure that we just take the appropriate procedures for granted and tend not to be aware of how problematic and worrying they probably seemed to our great^n grandparents when they first had to consider trusting to paper instead of personal agreements between people who knew each other. (Remnants of this survive in our legal system, where paper evidence is inadmissible without the personal testimony of a witness.)
Conceptually, the same can be done with the electronic communication. You just need new paradigms, that's all. New ways of thinking about the strengths and weaknesses of the medium, and what procedures will take advantage of the former and compensate for the latter. It can be done. What I'm a little dismayed by here is how many of the very community that could do it are so pessimistic. It's almost like proposing to fly 50 people to Mars and the aerospace engineers all pull a long face and start to talk about how impossible it is, ask whether man was meant to fly anyway, and wouldn't you just like to send a 50 pound satellite into orbit, because we know how to do that reliably...
Eh, you need to duck in the time machine and zap back to about 1990 or so. The typewriters had already been replaced with computers, but, no, just about all the secretaries did with them was process words. There wasn't much of an Internet, for one thing.
Ach, don't take my analogy too concretely. Sure, being undisturbed is not the same as having a provable audit chain. But there are plenty of conceptual similarities. And my overall point was simply that it is not obvious that the ability to guarantee an algorithm runs to completion in the way expected (the deposit money gets to the bank, and to the right account; the jewels make it from storage to the Queen's head for the coronation without being replaced by fakes; the vote that's counted is the vote that's cast; and so on) -- I say, it's not obvious that the ability to make sure an algorithm runs as expected is always best guaranteed by a primitive technology and plenty of ignorant human labor. Sometimes a good mechanism and fewer, but more educated people, is a much more reliable way to go.
I realize the people own the election. But I disagree with you that they are dumb -- they are merely ignorant (about computers, for example). And that makes all the difference. People are quite good at picking good cars to buy, for example, even though few of them really understand the technology under the hood. Why is that? Because they are good at evaluating a web of social trust relationships that allows them to, so to speak, tap into the minds of the actual experts. Roughly speaking, ordinary people are very good at deciding whether a given technological expert is to be trusted or not. So they figure out whether a given auto company's engineering boasts are valid or not, and buy the right car.
In the same sense, with the proper system, people could figure out whether or not to trust the technical expert who, in turn, would guarantee the quality of the election.
Look, it happens all the time. With some hiccups (Beta) the best technology usually wins out in the public marketplace, despite the fact that very few people actually evaluate it, or can evaluate it, for themselves. Again, I just don't think voting is so unique a human endeavor that it can't fit into the same social process.
I didn't say it doesn't matter, I said it doesn't much change the legitimacy of the vote.
What you're saying is that the current system is highly unstable, that very small perturbations can produce drastically different outcomes. If this is the case -- and I'm actually not agreeing it is -- then I submit there is no future in trying to eliminate every last possible source of tiny perturbation. There will always be one more weird little influence that can tip things one way or the other, if the system is that unstable. The only lasting solution is to fix the system so it's no longer unstable, i.e. get to a situation where minor perturbations in who votes for what and who doesn't much change the outcome.
MD or MC simulation for systems with long relaxation times. My particular target was solution macromolecular conformational relaxations, e.g. polymer backbone twists and turns.
See, with that big polymer backbone you can't break the system up into cells or anything, and you can't divide up the problem in the time domain, because of course what happens at t+dt depends very much on what's happened at t. So you're stuck, you've just got to do the simulation in a single thread.
You can use multiple processors to better your statistics. That's just running the simulation over and over again from similar initial conditions, and since every simulation is fully indepedent you can just run them on multiple machines or whatever -- there's no advantage to any finer-grained parallelism. This is nothing to sneeze at, but it's still mostly just making nice smooth graphs for the publication.
The kinds of stuff I was trying to do involved up to multiple millions of timesteps, to the point where I started to worry (in the MC case) about the random-number generator, ha ha.
Well...my work (scientific computing) put a premium on sheer scalar speed, and for that the RISC architecture was great and the x86 CISC paradigm a drag. Once you learned how to write code in a certain way, DEC's compilers could make amazingly fast code out of it for the Alpha.
In case you're wondering, no, parallel computing was never a good option. There's a large class of scientific problems that just don't work very well in parallel, because of large-wavelength correlations that make it painful in the extreme to write a parallel algorithm, if you can do it all.
Man, that was a sweet processor. I recall comparing my spanking new DEC Alphastation to the Cray down at San Diego Supercomputing Center in 1995, and there was just about no difference. That machine flew.
Funny thing how Digital's hardware dominance seemed to just dry up and blow away, tho'. I seem to recall in the 80s and 90s it was the place to be if you were a hot and ambitious hardware hacker. Wonder what happened?
Holy flaming...er...never mind.
Well, the total price of getting the 200 kg copper slug to Mars is about $450 million, according to TFA, which works out to just over $2 million per kilogram. The value of the copper itself is trivial by comparison. (That is, it costs far less to dig up and refine 200 kg of copper than it does to shoot it to Mars.)
Heck, they could make the slug out of pure gold ($20,000 per kilogram) without changing the price of the mission noticeably.
It is imperative that any voting system have a physical object representing each vote...
Well, if you say so. Everyone's entitled to make their own decision on this. But how do you deal with the fact, that if you're like most people these days, you're paid directly into your bank account, pay most of your bills by electronic transfer, and have most of your retirement kitty locked up in shares traded electronically on the NYSE? There's no physical objects representing your wealth, you know. No greenbacks in a vault somewhere, no lumps of gold in a strongbox. If the computers all wigged out, you could be flat dead broke tomorrow morning, if you haven't thoughtfully saved each and every one of your ATM receipts, pay stubs, canceled checks, credit card bills, et cetera and so forth, and even then it'd be a right struggle to get it all back.
Fact is, it's the digital age. We need to deal with this, find new ways of building trusted information exchange. I suspect the paper vote is going to go the way of paper money, sooner or later, no matter what. Best get busy figuring out ways to do it safely. Which, I certainly agree, includes doing something that makes you and folks like you confident that the system is reliable.
Right you are. Now, ask yourself whether you personally are aware of -- or have even worried about -- exactly how and by whom your paper vote is counted, and how and by whom and with what security that vote tally is transmitted to the capital for the Secretary of State to certify the election. If you're like most people, the answer is no. People just drop the ballot in the box and trust that it's all going to work out, at least until they start seeing scary stories on Nightline. Hell, people have to be taught about the existence of the Electoral College every four years.
What's the difference? Well, people have seen hairy photos of airplanes crashing. We've all seen films of Hiroshima. So, people worry about the security of ATC software or nuclear weaponry. But aside from the goofball antics in Florida in 2000, which, except to the usual sprinkling of Oliver Stone disciples tends to be nowadays rather a yawn of an issue, not much has gone badly wrong with voting, electronic or not. If a county supervisor has been slightly fraudulently elected, well it matters a lot to he and his local supporters, but not so much to citizens four states over, for whom life will go on pretty much as it has.
Which brings us to the larger point: I suggest there are in the end two possibilities here: (A) Any fraud through electronic voting is so minor as to be unimportant, or (B) it will not succeed.
Case A: Someone tampers subtly enough with the vote tallies that a very close election (e.g. Bush v. Gore) gets decided one way versus another. Disaster? Hardly. What people overlook about close elections, and Bush v. Gore in particular, is that the fact that the vote is so close is just another way of saying that both candidates are essentially equally preferred by the people. So for the purposes of representing the will of the people either will do, to within very small error margins. That's not to say the results of electing one versus the other might not be very different. Al Gore would have made a very different president than George Bush (albeit less different, I think, than Gore voters hope or Bush voters fear). But the legitimacy of electing either one is essentially identical. You can't, unless you're a Jesuit, say that someone for whom 60,000,001 people voted is significantly more "the people's choice" than someone for whom 59,999,999 people voted.
In effect, slight fiddling in very close elections doesn't matter much. You're not changing the basic principle of elections -- that the winner represent the will of the people -- very much, if at all. You are doing not much more than is done by a million small random factors anyway, e.g. whether it is raining or not on election day, whether candidate A wore a nicer tie than candidate B in their last televised debate, and so on ad infinitum. If an election is so close as to be determined by tiny, trivial factors, there are a billion of them, and fraud is not obviously the most important.
Case B: Now if you change vote tallies enormously, in elections that are nowhere close, then, er, I think someone's going to notice. If for example you change Orange County vote tallies so that it goes 80% Democratic, or Santa Barbara tallies so it goes 80% Republican -- well, people are going to notice. They're going to say: WTF? This has never happened before. No one I know voted this way; it's not consistent with pre-election polls, it makes no sense with demographics, it's not consistent with other parts of the State, et cetera and so forth. Really, in the end we judge the legitimacy of an election not just because the Secretary of State announces the results using his serious grown-up voice, but also because in many large and small ways, the result "fits" with other facts we know.
So in this case, there would be a huge hue and cry, and the results wouldn't stand. People would demand a recount, and if one were not available, a new election. And they'd get it. And then they'd lynch the designers who made the fraud possible.
Sigh. Look, why have we replaced armed guards with Medico deadbolts, security cameras, and motion-detection alarms? Lack of dumb oxen hireable off the waterfronts with the willingness to mix it up with intruders? Hardly. We've found that under certain circumstances, you can get the same level of security at less expense by well-designed mechanical systems, backstopped at fewer points by human guardians. Instead of hiring 12 security guards to beat perimeter, you hire 1 better-trained guard to sit in an office and watch camera screens and monitor the motion detectors. Does that mean he needs to be able to understand at some level the technology of CCTV cameras and infrared motion detectors, at least know their strengths and limitations? Uh, yeah. Is that a problem? No, not really, because you need sufficiently fewer of the better-trained guards that it compensates for the fact that each must be more intelligent, more reliable, and better trained. You trade in a dozen low-salary worker ants for one soldier ant who's paid somewhat less than twelve times as much.
Back to elections. If you design your electronic voting system properly, then by definition you don't need half a million barefoot technophobic UN workers to monitor your election. Instead, you need a far smaller number of far better-trained workers to monitor critical points in the system. Just like the guard savvy about video tech sitting in his central office.
And how does Joe Sixpack verify the trustworthiness of the system himself? He doesn't. In the same way he doesn't personally do a fluid-dynamics calculation of the lift-to-drag ratio of every airplane he flies, doesn't understand how ABS brakes, airbags or cholesterol-lowering drugs work before he trusts his life to them, and doesn't know how the ACH electronic check-clearing system reliably transfers his debit payment (and not his entire bank balance) to the gas company. There is a web of trust, in certain experts with certain government-issued certificates, in the presence or absence of news stories about problems in the system, and even in word-of-mouth rumor, that let Joe assess the trustworthiness of all these systems indirectly. I see no reason why voting in particular has to be different.
Finally, just because you can't subvert a system which relies on paper and chains of human watchers with fancy technological tricks that bemuse them doesn't mean the system can't be hacked. Not at all. You just have to do a little psychological hacking instead, e.g. bribery, sleight of hand, intimidation, a con, et cetera. If voter fraud was committed in Iraq -- and I'm sure it was, in places -- it was done in the old-fashioned, low-tech way, and despite the presence of election watchers. In short, relying on paper to prevent fraud would be just about as foolish as relying on electrons. It's not the technology. It's whether it's used correctly.
Ach, no, this focusses on only the most concrete aspects of the audit trail. Sure, a given piece of paper is write-only. So what? A vote isn't equal to a piece of paper. It's equal to one particular piece of paper. What's really important is not the fact that we can guarantee that this piece of paper has been written on only once, but that we can guarantee that this piece of paper has been written on by the voter. You don't commit voter fraud with paper ballots by erasing the mark. You do it by substituting another marked piece of paper for it -- by transferring the "blessing" that transforms a marked piece of paper into a vote to another marked piece of paper.
Similar with the ballot box. It's hard to change the number of ballots in a given ballot box. So what? What's important is that this box full of paper was filled by voters, and not the one I've got hidden in the back of my black Cadillac with the heavily tinted windows. You commit fraud at the box level by replacing the real ballot box with a different box -- by once again moving the "blessing" that transforms a box of paper into a box of votes. And, yes, you could therefore in one quick and easy step replace 5 paper ballots with 31337.
Finally, the Secretary of State certifies an election without personally handling each and every ballot, or even seeing each and every ballot box. So there is the communication from precinct captain to supervisor to the capital to consider. You commit fraud at this level by getting to the right people, or fudging the communications, or some combination of these. Once again, it's about moving the "blessing" from certain communications to others.
In short, I don't worry much about the naked complexity of the computer code required -- we're just trying to tally votes, after all, not fly Space Shuttles at Mach 25 or predict solar photosphere dynamics -- and more about the overall system design. As I said, I think the key issue surrounding electronic voting -- or any voting -- is a system able to prove to anyone fairly easily that the audit chain is complete. That is, which can prove that no one was able to modify the tally on the disk drive or that no once was able to replace a ballot box with another of his choosing just after the polls close.
Ah...you're saying such a solution would interest you, then?
Okay.
It's not the expense of the ballots boxes and paper. It's the expense of the trusted, reliable human beings to prepare them, move them about, and count them.
Compare to the expense of replacing typewriters with computers. Why does this makes sense, economically? It's not that computers are cheaper than typewriters, but that good secretaries are expensive. And if you can set it up so they spend less time formatting paragraphs, because a machine is doing the job, you save money.
Furthermore, the level of security demanded of the two systems is wildly different, so there's a bit of apples and oranges here. People demand bulletproof security from the electronic system, so that it can be deemed secure against even well-funded, persistent and diabolically clever enemies. But they are willing to accept an existing paper system that has laughable security -- a cardboard box carried by two senior citizens, forsooth -- where it would be perfectly plausible for a committed and well-funded fraudster to corrupt the voting. If we insisted on equal security for the existing system -- a platoon of armed guards around each voting location, say, as well as requiring voters to show two photo IDs before voting, cross-checked instantly against government records -- it would be hideously expensive.
The fact is, voter fraud is fairly uncommon in the US largely because it's cheaper and easier in the long run to win elections by other means. Why try to steal an election for $100 million when you can just buy it on the open market? (By hiring media consultants and spin doctors, blanketing the airwaves with ads, commissioning push-polls, buying off bloggers, yadda yadda.)
Could be. But what's your point? That the Diebold electronic voting system in particular is crappy software and should not trusted? Or that electronic voting itself is a disaster waiting to happen, something we are just not smart enough as a species to implement securely?
If the former -- sure, OK, if you say so. I have no relevant information to challenge the conclusion. You could be right.
If the latter, I don't agree at all. The fact that one particular design might be upgefucked is no reason to abandon the project as hopelessly beyond our competence.
It is. And it's a very important cautionary tale, I agree. It's hard to be too careful in areas like this. But...a coupla points:
(1) The Russians are different. The Soviet model always put its reliance on layers of human inspectors and inspectors of inspectors. They have far less historical experience in building reliable mechanical systems, and this has always shown up throughout their military structure (and for that matter in their aerospace ventures as well). As a consequence, I would not be surprised to find them a little hazy on exactly how far to trust software, how to properly configure it, use it, verify its operation, et cetera.
Parethetically, there is evidence that the Soviets have always been appallingly sloppy in their handling of nuclear material, e.g. Thomas Reed's autobiographical book notes the story that unskilled janitorial workers at one Soviet weapons plant were told to clean up plutonium dust with pans and brushes, and not so much as a paper breathing mask.
Moral of the story? Do not dive into technology -- do not assign critical functions to it -- unless you have a long experience dealing with it and understand its abilities and limitations thoroughly. When it comes to computer command and control the US has this, at least in some areas. The Russians do not.
(2) It's unclear whether the Russians found a flaw in an official and trusted DoE program, or whether they borrowed some sketchy design ideas from some nice people outside the fence at LANL and found that, gosh, it's a little tricky going from beta software to trusted final product. The rebuttal by the DoE strongly suggests the latter.
(3) DoE keeping track of nuclear material isn't the same level of audit-trail concern as DoD keeping track of weapons or weapons codes. There's as much or more difference between nuclear materials and a nuclear bomb as between steel ingots and a machine gun.
(4) I'm underwhelmed by the defense security expertise and cold-eyed objectivity of an organization (CDI) whose board consists of boutique ice-cream magnates (Ben Cohen), actors (Paul Newman, Joanne Woodward), social scientists (Steve Ungerlieder, psychologist, and Barbara Winslow, CUNY Women's Studies Program), and a few retired military officers, who may or may not have had senior-level experience in nuclear weapons command and control. I'm not saying they don't know what they're talking about because they seem to be amateurs -- that would be an ad hominem argument -- but I do suggest the background of the messenger does not lend weight to the message, in this case.
In short, as always, it is not really news that mechanisms are only as good as their designer, and should always undergo testing and verification appropriate to the level of trust one has to place in them.