No, it's not impossible for someone inside to write down data points, but they can't search the database willy nilly. In fact, 90% of them can't even make general queries, but only tie a number calling in to a screen pop, then validate the caller by entering data requested, and only then do they actually get a record...
Screenshots can't be taken from our citrix consoles (that was security 101 stuff we turned off). Screen capture on the remote desktop is also disabled by the security settings. Sure, some motivated person with access could pull some data, but thay can only see the last 4 didgits of SSNs and Credit card numbers. Detailed medical records are hidden from them, and can only be downloaded by approved personell. The purpose of the interface is to confirm information, not display it... and any access to detailed content is logged.
Go ahead, steal 300 numbers and sell them. pretty much guaranteed if those 300 numbers turn up stolen, and they back track, only 1 employee will have accessed all 300 records.
I did say we've had a few people we've caught collecting records. All of them serverd not less than 5 year sentences for illegally accessing governemt records. Now that the details of those arrests are part of our training, and people know how EASY it is to get caught, noone steals. (the 10,000 bounty for turning in a coworker doesn't hurt). A manager who failed to report SUSPECTED theft got fired... and that was in anternal audit (a rouse), not an actual theft. Out of millions of records, we've had a few slip, sure, but more slip at the doctors office getting entered in the first place.
Perfect security is an illusion, I won;t argue that, but even if a hacker could penetrate the workstation inside our secure network, then hack from their on a live session into the web server, that's it, that's as far as you can go. The java code on the web server is just a front end to an app on another server beyond a firewall, and getting from that web server to the AIX box running the app is, as far as the DOD is concerned, impossible... Even a penetration THAT far still won't get to the data as the app server runs a READ ONLY OS! The connection to the java app server is not a constant connection, but a single request session that terminates automatically after 90 seconds...
The ONLY way to get to the data with anything more than a single query, validated by not less than 3 pieces of data you need to provide, is to actually log onto the datbase server (OS390 host) directly. Good luck getting the admin password to log onto a mainframe, the su- password to run the data export app, and the passwrod the the databases all at the same time....
You're all also forgetting something crucial... THIS DATA IS ALREADY OUT THERE!!! It;s already maintained by local child service offices today. It's GOING to be maintained SOMWHERE, why not in the most auditable, secure location possible, instead of scattered aroud on a hundred easily hacked windows servers...
Those 390,000 people, some of them are already perverts looking for kids. And ALL of them ALREADY HAVE ACCESS TO THIS DATA, or at least, their LOCAL data, which is all they care about...
This is not a NEW dataset, it's only an EXISTING dataset CONSOLODATED behind BETTER auditing tools and more scrutinized secuirty.
leaving this data in small databases in easily hacked locations exposes it to people OUTSIDE the 390,000... at least we can limit it to a subset of perverts, and kjnow which ones accessed which records.
Also, do you think we'll just let tham search without cause, at random? NO you paranoid moron, they have to have data to FORM a query first... They need to match a name and number to GET at the data, it's not a fucking open searchable front end...
#12 Biometrics: Well, they're a failure allright, but not due to the technology, due to their failed implementation. Biometrics were NEVER intended to be a security device into themselves, but a SUPPLEMENT to a password. Your finger I can fake, your password i can steal, but getting both at the same time is a true challenge! A great idea that failed because people were idiots.
#11 Ubontu: Ubontu (desktop Linux in general) is simply ahead of it's time. Only with a fully supported industry rollout, targeted at specific uses, will Ubontu succeed in the future. Dell, HP, and others not only need to fully support it, and integrate a large number of their systems with it, but it also needs some standardization. As is the problem with most open source effoerts, it's a "we're not done yet, but lets put out another beta" cycle. An OS is not useful until we stop upgrading it long enough to get everyone used to what we've done. If we could simply polich off the OS, pick a FEW standard packages and default several of the tools and configurations, then STOP for 2 years, and only develop in the background, ubontu would get farther. The main reason we have never locked onto Linux desktops in our company is that they're a moving target. There's TOO much development in too many directions. If the community would simply work to finish off the core OS without adding gimmicky add-ons we might buy into it eventually.
10: Virtual Reality: It's there, and it's cool! Gone are the days of standing in that stupid ring thing, half the good 3D games out there fully support stereo 3D, and you can get a lightweight, comfortable headset for less than a 24" monitor costs. The problem is, the game content... few games really lend themselves to immersion other than FPS. The most popular games are all 3rd person or top-down views. Immersive 3D is actually boring after a while (and can leave a nauseating feeling as well). It's not a failed technolgy, it;s just that we developed it before we realized we didn't really want it.
9: Alternate Search Engines. This is not a failure of the industry, it's siomply because either MS Search or Google search are defaulted on everyone's systems. most people who use PCs are sheep, and only understand how to use what's turned on by default. IE isn;t the most used browser becuase it's the best, it's because many people just don;t know anything different... Also, Google actually produces good results quickly. Other engines do a good job, but they're graphic heavy, bloated with adds, and slow.
8: Voice Recognition: It;s not failed. It;s not gone. I use it every day, and it;s getting better fast. The problem is not getting the computer to recognize speach, the problem is getting people to speak in a recognizable fashion! I live in the south. Even I have a REALLY HARD TIME understanding people some days... However, I've been using the speech recco built into Word and also in my Mac for nearly 10 years. If you actually take the time to train it, use it consistantly (making it better), and speak with a normal (only slightly accented) speech, it does very well (99%+ accuracy, and the grammer checker picks up the rest). This is obviously something the reviewer used years ago and gave up on and has not seriously considdered since. We run several Voice Recco Websphere servers here as well, and they even do pretty good recognizing hard names, and a simple p% processor handles a few hundred consurrent voice calls, so the CPU is clearly not the bottlekneck.
7: Lisa: OK, so Lisa failed, but Lisa was NOT a product line, it was an introductory product. You could almost say the same thing about the Gen 1 iPods... They barely scratched the surface of the MP3 industry. but... the redesigned, cheaper Gen 2's took off! (aka Macintosh). The Lisa proved what computing COULD BE, then Apple took a step back and released commodoty hardware for the rest of us. Also remember, 10K was NOT out of line ofr a computer. In 1984 the only people looking at computers for home wer
I'll tel ya waht, on point 1: money laundering: It's a youth account, max number of withdrawls per month is like 1 or 2, and any large amounts passing through there are certainly going to be investigated. 2: you need to show up in person to create one, and you're going to need more than some data and some kid who may or may not resemble a description, you're need a birth certificate and SS card (here in the US anyway). 3: God PLEASE, let someone put large sums of laundered money in an account in my kid's name. I have 2 small kids, and i check their credit reports anually (at least!). If I found an account, I'D EMPTY IT, then call the police for follow up.
On point 2: 1 seeing a doctor isn't free. Even if you have my kid's personal info, you don;t have MY insurance card, and you'd have to pay the doctor, plus pay for the perscription. My local doctor knows me and the wife on sight, some other doctor is not going to hame my cards on file and will need you to provide such, wich you can't get from this database... Feel free to try to cheat the doctor that way. Good luck. besides, no doctor is going to issue a scrip just because you say so (well, at least not the ones you need to hack a database to get them to do that for you). Also, any good doc that sees a kid injured bad enough to need such a prescription likely is required by law to report it. Some random kid, left away from you for 20 minutes while you argue with the doc and security is likely going to spill the beans to another doc and get uo arrested. This is one of the more risky, and complicated, scams I've ever hear presented, and it saves you nothing since you can't access my money or insurance to pull of this scam...
3: If you knew anyone who ever has been convicted of child related issues, then you;d know this: That data is NOT a secret. It;s PROVIDED to the schools, local authorities, even some churches have access to child services data. This is NOT a secret people will pay to keep silent. Any parent who has some truly dreadful issues like sexual abuse of their own kids 1) doesn't have kids anymore and 2) is already listed in other publically available databases, so again, no blackmail opportunity. Also, several of these people are violent, raging lunatics, and would likely sooner try to have you killed than pay you. 99% of them are also dirt poor, so again, value for the effort vs risks? very poor investment of time and money...
This is not some small time shop writing a little database, this is THE government, not some local office, a government who has managed to keep state secrets for decades without leaks, a government who has hundreds of terabytes of data few have ever seen, a government who is VERY used to people trying to hack it.
Have you ever seen the Social Security database hacked? The IRS? The military ID central database? The DOD? Penetrations, yes, many years ago people did manage to get into those systems, but stealing large amounts of data? Even if you could get in, gain access to a database, pull a query, and start downloading, how far do you think you'll get? The firewall is going to cut your connection after a few dozen MB on the same stream anyway, and send up an audit alert... you can't DL the entire database, not even a part of it. Hacking the workstations? Good luck, they go through citrix anyway so they're not even accessing the data through their own browser. Internal users? It's hard to install a virus on a system that doesn't have web access, runs through multiple e-mail filters, and only accesses virus scanned file shares, and is so locked down by group policy you can't even adjust the screen saver settings...
It's not perfect, but again, THIS DATA ALREADY EXISTS IN MULTIPLE LESS SECURE PLACES, consolodating it is FAR more secure than leaving it to it's own. Most child services offices are grossly underfunded, and commonly have their local data in a single user access database of simple SQl engine running on an XP workstation with a tape drive... Taking this data from them is somehting we SHOULD be doing!
We detect a hacked of infected machine somewhere in our network DAILY. We have CIA, FBI, and DOD personell here weekly back tracking audit logs and trying to determine if a breach happened or not. We're VERY certain we've never had a breach.
Also, we've never seen or heard about a bot that can intercept data from a remote SSH connection to a web API. Yea, you can build a keylogger, but you'd have to know the site's design in order to know what to pull, which at the least requires inside knowledge of our java app design (which changes about every 6 weeks). Also, 90+ % of our cases are opened by incoming callerID, and it's all screen-pop oriented. End users can only enter data into key fields, they can't fill in a complete form, so the only data you can steal via key logger is the account number or the name, not both, and possibly a phone number... We don't use SSN as a key field. none of the medical information is ever typed in by an end user.
Much the same would be true for child services. They'd have a few more search fields to put data in, but the data that comes back can't be used by a key logger.
Add a layer of security and restrict web access from a citrix console and that avenue of attack is no longer useful.
Trust me, we host the personal and medical data for a few dozen million people, including every person who's been in the military since the mid 70s. We're CERTAIN you can't get our data with a bot on a workstation at this point. We can't prevent agents from writing data down and selling it in other ways (we've caught a few over the years doing so), but 1 person and a pen stealing credit card numbers is almost meaningless. you're 1000 times more likely to be a victim of identity theft by someone stealing your outgoing mail in your mailbox with the flag up...
A business account TOS and a residential accoutn TOS agreement are 2 very completely different things... and also the bill you get for that 6MB business DSL is about 3 times the price.
AT&T may be fine with your current use, but likely that's because they have NO IDEA what you're doing... They're not interested in blanket scanning their network for people who host a simple server for personal use. Your internet load is minor by comparrison even to a casual torrent user....but, as soon as they decide otherwise, as soon as they confirm you're running a server (if they ever do), and if they DO care to collect, 1) your service will be cut, 2) you'll be back billed for their equivalent, undiscounted, business tier service connection, plus late penalties, interest, and additional charges.
I've seen 3 people I know personally get nailed by their ISPs. Time Warner came after one guy i knew who had been a customer for 6 years. He was not a heavy user, BUT, he pissed off the wrong guy in support one day and inadvertantly mentioned he was calling because his service quality was causing his server to miss e-amils. He was paying $30 a month over those 6 years. They back billed him for close to $15,000 in service fees ($240 a month for business connection at his bandwidth tier), then tacked on interest and panalties. The final bill was over $30,000. By the time their lawyer (and his) were done, he settled for $6,000 and was banned as a Time Warner customer for 10 years. in the meantime, DSL was not available in his area, so he had to move in order to keep his job with his company as internet access at home by IT staff is clearly a requirement.
2 others i know did better, only paying 2 or 3K in back service fees and loosing their connections.
ESPECIALLY in this bad economy, and ESPECIALLY with AT&T who is HEMORAGIN money from their home phone unit and can really use the cash from DSL to make it up, I would not challenge them.
A simple home server is one thing. Portal access, RDP, these things are not generally considdered "servers" Your personal e-mail server in essense can be considdered a "dedicated client" and realistically is no different from using outlook to download e-mail from a push server, as long as you;'re only hosting your own e-mail accounts. Even a personal file share server is no different than hosting a local file share and opening the port in your firewall, again, as long as noone other than the people in your house access it.
but, as soon as you start providing a "service" to anyone else, even for free, and even if those people are also AT&T custoemrs, you;re crossing a line that they bill lots of money for... and they may come to collect.
Again, Residential does not equal business. if you have a business line (I did for a while) then you can do whatever you want with it, including profit from it.
So, you propose to steal the data as it's being entered in remote offices before it's uploaded?
Well, with a web API over SSH that means you're talking about a keylogger, since any other way to steal that data requires you to have access to an application or a local dataset, neither of which exist. I really could give a crap about keyloggers, since you can already steal that data simply by hacking the PARENT'S COMPUTERS. That's nothing new, it is not an ADDED risk.
What you're saying, in a nutshell, is that data in any form is unsafe anywhere, regardless of wether it's centralized or not. There is no answer to that, but it's also UNAVOIDABLE. The data WILL exist somehwere, it simply HAS to. (unless you're suggesting we take the entire government back to paper and secure point-to-point fax machines and throw out all the computers).
We MUST have the data somewhere or the danger is much greater (mishandled children, lack of access to missing persons data, inability to match children to parents, inability to track troubled parents from state to state, inability to centrally documented court interactions with parents, these are all MUCH bigger problems than the risk of data theft of priomarilly useless and invaluable data!)
If the data IS centralized, then we have a single secure repository. This provides multiple advantages. Cost (fewer servers, fewer admins, consolodiated licensing). interoperabilty (everyone's on the same code base). Audit (every access from every point is monitored, further, we can scrutinize the security level of the guest machine logging in). security by scale (big databases are on big iron, and enterprise class systems and security, scattered regional databases are on back offince machines with little or no regulated security.) Reliability (big massively redundant clusters on UNIX or OS390, not simple machines runnin Windows).
Let's not loose sight of this fact: THIS DATA ALREAYD EXISTS, we're simpy securing it centrally under government security regulation and audit. IT'S ALREADY OUT THEiR, UNSECURE TODAY. The security can't be perfect, but it's an order of magnitude better than today. Oh, btw, most common method of access from remote sites: Citrix. go on, install a key logger in my virtual desktop image... Hack the remote PC all you want, it won;t get you into the citrix system, and even from there you still need the account credentials to log onto the internal web server...
Again: my firm processes 7 billion medical transactions per quarter. We have thousands of tapes coming in and out of the building weekly, we have hundreds of throusands of people interacting with the medical records, processing payments, transactions, medical history files, and more, most in real time. We are under CONSTANT attack from viruses, botnets, and hackers. NEVER ONCE have we been breached. DAILY one of our systems is infected, but you can;t get the data by infercting edge systems, you have to infect the core, which is still 3 firewalls and 2 alternating operating systems away.
Name 1 virus that can hack a Windows PC, from there hack a Citrix console, from there Hack a Redhat web server, from there hack an AIX application server, and from there hack a DB2 or Oracle database on a mainframe... and EACH SYSTEM TIER uses seperate administrative credentials! Even the best hackers in the world can't accomplish that in person, no simple bot can do it.
Want to collect the data by infecting 1 million point systems, fine, you can ALREADY do that... We're just making a system that solves otehr BIGGER problems, without increasing the security risk level (in fact, it;s better than it is today by large margins).
Linux HAS a place in the desktop, and it's not going away anytime soon. In fact, many companies, including ours, and many government office are planning migrations soon.
You see, most of our datbase apps now live in Java, and by seperating the user front end from the database server by yet another layer (user -> Web server -> App server -> DB) you improve security and improve auditing and reduce costs.
Pre-built (aka Dell and company) linux boxes don't have driver issues, everything work sout of the box. They're supported operating systems and for web use, e-mail, and document processing (which most governments are actually requiring OpenDoc or similar formats now), it's all good. Plus, Users don't know how to fiddle with Linux, so finding users who have bypassed security rules and installed dozens of little apps, screen savers, and other virus risks doesn't happen. It also doesn't require hardware granphics like Windows Vista and 7 do, so they run on more comodity hardware.
For home users, the $300 PC and laptop market is booming. Again, pre-configured out of the box, no real issues. Most software they can buy off the shelf (AV, Office etc), run on it pretty much as is.
Also, there's the Apple effect. The more they become popular, the more companies are pouring software monet into OS X, which once you're there is not difficult to port to Linux (far easier than porting to Windows).
As a company, we're moving to zVM. Suse or Redhat enterprise virtualized on IFLs on our Mainframes. Any packages that currently require Windows OS to run are being re-written for Linux. Anything already in Java is being ported over. Anything that can't be is being replaced by somehting equivalent that can be.
Linux is NOT ready for joe-bob-PC-moron to install on his own home PC as a second OS. Linux is NOT ready for true power users who require high end apps like CAD, image editing, publishing, etc. Linux is NOT ready for the OS tinkerers who don;t already read code and understand Shell. Linux is NOT ready for the bulk of home users. Linux is NOT ready for SMB. Linux is NOT IDEAL for people who share data and programs with lots of other people who are not also on Linux. Linux is NOT ready to bring into your house to be compatible with evertything else you already own.
Linux IS ready for any PC user who's never seen a comand line and who use only the most basic features of a computer (provided it comes pre-installed and supported by the hardware bendor). Linux IS ready for enterprise (all our admins already support it on the servers, the desktop is a natural leap). Linux IS ready for the general user base. Yes, it can be improved (dramatically), but it WILL grow, and it is here to stay. It will likely play second fiddle to Apple for another decade, but it is here.
I don't doubt that would be an issue. Training someone to work securely is complete bunk.
However, managing a massive server farm that processes 7 billion medical transactions per quarter, and stores data for nearly 1/4th of all americans and the entire military, I can say providing data security is actually pretty easy: simply architect the database in such a way as it is impossible to export the entire data set except for a few key system and DB administrators. In our DECADES of processing transactions, we have never had a breach. We're under CONSTANT DDoS and hacking attacks. Half the world is TRYING to steal our data. We have DOD, CIA, and FBI here weekly researching attempts. Not ONCE have we lost data. We ship thousands of backup tapes out of our data center every week. Not on ever lost.
Line level employees can only access a record given the key; SSN plus phone number (via routed caller ID signals, not typed in) plus pin#; SSN plus account number plus pin number; SSN plus DL plus full address, etc. Searching for records by only name, address, or SSN alone is not possible. Dumping more than 1 record at a time is not possible. There's no database app on their machines, only a web portal to an app on a server behind a firewall, that server communicates with the actually application engine on another server, and that server is firewalled off from the DB server. The app on the app server has very limited ability to access the database, only programmed queries that meet minimum validation.
For the child services dept, they would have to do searches occasionally, but even the search should only reply with a simple list, containing only 2 or 3 vlaues foe each returned result, and that list should not be exportable, and should be limited to say 100 results. End-user hacks, or data theft from the client side should be basically worthless.
If the end users can't GET to the bulk of the data, they can't steal it (or get hacked by someone who could).
A 3 tier network architecture prevents direct access to the database. Individualized user password access makes the process auditable. DB dumps can only be perfomed on the DB server directly, logged in as non-root administrators, and even those dumps should never be uses for more than migration, backup, or test lab use. Keep in mind, databases of this saze are NOT hosted on Windows boxes in some closet... They're on massive AIX Oracle clusters, or on Host systems. Those systems are not vulnerable to hacks as they have do direct outside connections, and are hardened UNIX operating environments.
Great, you've got 390,000 users. They can't get to enough of the data to steal it... Maybe you've got about 100 developers. They use dummy data, or exports of the DB that have run through a name and SSN randomizer (we do that here). they can't steal the data. You've got 10-20 admins who maintain and back up the server; they're all security minded highly trained IT folk, and are told their actions are audited. They're the only ones who could steal the data, but we'd know if they did and they know that too.
Where big data breaches have happened in the past is when executives have gone plugging around town with dumps from some tool to an Access database. Others have been data tape thefts, but they've been small time shops compareds to this. Even if you can steal some of my TSM tapes, where are you going to load them to get the data off??? The drives cost $25K each, not to mention hundreds of grand worth of licensing and AIX servers to control the drive. These are not some cheapo LTO tapes... and these tapes, they're logged by a librarian, boxed by paid security staff, and a chain of custody in locked tape boxes passes through 3 people before the box gets to the front door, and then it's handled by armored car... 3 of them actually, and tapes from the same tape set are allways divided across the trucks, so even knocking off a tape truck does not get you a data set that can be stolen. Oh yea, the 256bit AES encryption is a bugger too!
good or bad, the worst thing a data breach of a major database hasd caused is a small percentage of identity theft and a whole lot of spam...
What can crooks really do with information about your kids, honestly? Names, addresses, data on the parents, this information is tailored for child services folks. There's not much in it that's useful!
You can't open an account in a childs name except a savings account. What are they going to do, deposit money in your kids name? Even if they did manage to steal this database, and then do something to a kid's credit file with it, all you have to do is show up in person to a bank with your child, or send a fax to a credit bureau, and all references to any activity are removed and any banks that allowed those accounts to be opened get a nasty fine.
The sickos that might want access to this data don't need it. They all either pray in their backyards, or online, and data from some repository isn't going to help them figure out if the kid they're talking to in a chat room is on the list or not from a username.
This data is WORTHLESS to theives except for the fear factor that stealing it causes in the sheep.
AT&T's DSL service agreement, section 10; be Fair subsction b.: You may not use your Service connection to host a DEDICATED INTERNET server site. (emphasis mine).
The AT&T iPhone agreement however states: "Examples of prohibited uses include, without limitation . ..downloading movies using P2P file sharing services, redirecting television signals for viewing on Personal Computers, web broadcasting, and/or for the OPERATION OF SERVERS, telemetry devices.... " (emphasis mine).
In the case of DSL, you CAN run a server, just not a dedicated internet server site. A Remote access server, personal FTP server, even a web or file server you run occasionally, even "most of the time" can not be considered a dedicated server. Knowing that, on Wifi, within your home, you could run a server on the iPhone, which by sheer definition can not be "dedicated" as any call, or the use of another app would cause the server to go down. You can use the iPhone as a server since it is behind your personal DSL service.
However, being a server you can not use it on AT&Ts open 3G network without violating the iPhone TOS. It will be interesting to see if this app will be enough of a drain on AT&T for them to target its use, or to see if they'll persue Apple to pull if from the store.
I usa a nifty program called Dicenomicon. One of it's features is to run a web server so you can program dice algorithms through your PC and upload new programs, images, and more to the phone's app. I noted it not only presents a WiFi IP address, but also a blueTooth and 3G address as well. I can not connect to the 3G address in any way I have tried. i don't know if this app also behaves the same.
We choose water over soda. We don't eat great food, but saving $3 a day by not drinking sodas, and drinking filtered water (or tea, or sometimes kool-aid) lets me afford a bit better food. It adds up quick. The kids get OJ from concentrate in the morning, which is actually pretty cheap (a gallon for about a dollar), and comparitively not really different from the good juice brands (only slightly on taste, but they donlt know any better, and it;s a LOT better than the crappy juice they drink at school).
Pasta is REAL cheap, cheaper still is you batch cook vats of your own italian sauce:) That's one of our staple foods...
Lean meats are expensive... yes. boneless even more so. Steak we can get in bulk from a butcher for about $3 a pund, cut it and freeze it at home, and some of that is high quality stuff, typically $7 in the grocery store, the rest I grind. Chicken, there's really no way to get quality chicken cheap. it's either crappy, fatty, and injected, or $5.49 a pound... Instead of cooking chicken at home, I buy pre-cooked, fresh, hot, whole roasted birds for $4.99 at Krogers on the way home!
Hot dogs are also cheap. i try to buy the better (read sausage) dogs when I can (2 for 1s, they're not a bad deal, and taste WAY better).
Pizza is also a staple. Not really that bad actually is you ask them to go light on the cheese and heavy on the veg... I can't cook home made pizza for less than i can buy one nowadays, so we don;t try. (besides, home ovens just are not designed to make a good NY pizza).
Carrots themselves are pretty cheap here, about $1.79 a pound, but carrots don't get eaten plain in most households... They're a pretty bad snack (actually nutritionally on their own they are not really that good aside from 1 vitamin and some fiber). Typically though, they're dipped, and whether that be penut butter, ranch, or some other dip, it's REALLY high in calories...
Apples are about $4 per pound, bananas are pretty cheap too, compared to both weight or volume of doritos. However, popcorn, with light salt and lowfat topping is a pretty hard to beat snack.
i limit chips in the house. The only candy they get is what they earn with chores and good behavior, and for holidays (haloween candy lasts us MONTHS) Hummus and other similar dips with pita bread are common in my house, and whip up in seconds in a blender and keep for a week. Cheese we avoid now both due to calories and cost. The kids won't eat crackers and vegies like the wife and I will sometimes. Cereal is a common snack, and pretty cheap.
Remember, snacking is not about weight, it's about volume, and staving off a craving until a meal. Chicken is a meal, not a snack, and around here, it's $5.49 a pound minimum, unless you buy the real fatty, fluid injected, frozen patties, which are still pricy, or unless you find a good sale. I can get a whole already roasted and seasoned chicken for about $5 that feeds 4 people on my way home from the grocery store, whip up some instant potatoes or some rice, and a can of green beans, and I've got a great meal for the family for $6. i can't come CLOSE to that cooking at home with lean chicken. Even a whole frozen chicken costs more... The calorie content of roasted chicken is better than fried, but it's not exactly lean...
Why don't i cook more? mostly time. I have 2 kids, and run from location to location all night until about 8PM. We have about 1 hour to cook, eat, clean up, and change, then get out of the house again between 5:30 and 6:30PM most nights. Cooking, even "quickie" meals is typically not an option, and the kids are not old enough to cook for us. We try to eat at home, but prepared meals are the norm unless we have leftovers from the weekend. Crock pots, baked foods, grilled meat (except suasauge or hot dogs); there simply isn't time. At least they're burning the calories in sports, dance, skating, etc. The wife hits the gym 2 nights a week for about 90 minutes while the little one is in dance class, and i pump some weights at home later in the evening when things settle down, but doing a formal family dinner at the table just isn't in the cards for us now. There are VERY few recipies than can be cooked in 20 minutes or less that are healthy and don't involve expensive ingredients like fish. When both kids are in high school, that might be different. We could do better, we could spend more time at home as a family, but then the kids would not get the exposure, learning, and excersize they get now, so which is better? They're not fat, not even close; I think we're doing good.
Folks I know who are poorer than us have a different issue. The kids stay home, and both parents work 2 jobs. One of them comes home long enough to hand the oldest kid (or a babysitter) some food, or some cash, and they're gone again. Absentee parenting. Do they have a choice? Not really.
I agree, in general. I also think that 0.25% sales tax isn't going to make anyone blink... $0.01 on a $4 bag of Doritos is not enough to discourage it's purchase.
If they want to be serious about this, instead of a simple money grap people will hesitate to object to, we should be talking a $0.10 per serving tax on prepared foods and canned beverages, and $0.20 per serving on fried items, candy, and other extremely unhealthy foods. (where a serving is defined by a standards body, not currently how it is defined by the manufacturer to make the calories per serving look more appetising). That way we'd be talking $0.10 for a can of soda. $1 for a bag of chips. $0.70 for a large meal combo an McDonalds. Etc. That would be enough to shift the cost more dramatically, and also provide subsidies to healthy foods to compete better.
This dramatic increase in tax could help lower the sales tax on all other food by 1-2% across the board, or better yet, waive sales taxes altogether on foods considered healthy, and on ingredients for foods prepared at home.
A BIG reason families don't cook and eat at home, or eat halthy at home when they do, has very little to do with cost for most households. It has to do with 1) time, 2) skill, and 3) Planning, and 4) simply being home in the first place. Cooking not only takes money, (which often does cost more than bulk prepared food like $5 pizzas), but it also takes time. Time shopping, time preparing, time cooking, time cleaning. Especially in the poorer households, where both parents may work multiple jobs, this quite planly is difficult. Cooking also takes more than ingredients, as it takes working appliances, tools, spices, etc, which are typically not factored into the daily shopping bill. Other families, especially with kids, are simply out and about, shuffling between day care, team sports, dance class, after school events, and trying to fit daily erands and seeing other members of the family in. When cooking does happen at home, it's the 1-pan style cooking like (hambuger helper, which can feed 4 people for about $4, and which a 10 year old can cook.) Cooking skill, and a solid set of recipies is also a drawback. Even my wife and I get bored of home cooked foods, not because we don;lt have the skill, but because we rarely pre-plan our recipies, and end up eating the same things frequently.
Plus, simple distractions have ruined more dinners that I can count. A doorbell rings and you get held up and burn what's in the pan, or get distracted from the grill. Work intervenes and you never make it home in time to cook what you thawed, plans change and for a few days you can't eat at home, then your fresh food spoils... I probably ruin or throw out $20 a week in ingredients.... maybe more. I've had weeks where I've thrown out $50 in meat and vegetable before, sometimes because it simply never makes it from the store to the freezer in time (a major drawback to buying in bulk). Sometimes I've had meat spoil before I ever got HOME with it due to life intervening. i had to spend $200 on carpet cleaning in the car due to that once before as well.
also, I donlt know what home cooked mac-n-cheese you make, but the recipie I have is about 4 times the cost of even the good Kraft brand with the liquid cheese pack. I spend about $15 to make a pan of it... Even my "cheap" stews and soups cost more than what I can get pre-made in a can.
I'm just saying, there are a LOT of reasons beyong price that people don't eat helthy. I agree, you can eat healthy for a LOT less than you can eat at McDonalds, but you can't always eat helthy in your kitchen...
On a seperate note: taking the video games is BS. Studies prove that even non-exciting games keep a child's heart rate and metabolism running at much higher levels than watching TV. no, you're not going to get the same results from being outdoors, but I can't let my kids out on their own in my neighborhood, they must be watched, and i can't do that 3 hours a day... Video games are some of the
typo: for the promise you don't HAVE to show up to class... my fault.
I've seen cases as well where collegues of mine double and tripple booked classes, same day and time, after working with a professor or three.
They take 1 class they can't outright exempt, or feel they really need, and schedule 2 other classes under "learn from home" special arrangements with the profs. The profs know they don't need the class, give them an exam on day 1, or ask for a body of proof of effort in the field, validate their knowlede, and give them a 4.0 before class ever begins. Then you don;t show up to class and get a 4.0.
Other times I've seen proffs understand that life is intrusuve, and taking time to take a class they know you don't need, but the university policy insists on, well, they just let you slide, provided you get good marks on the exams. By telling you to not show up at all, other students who fall under "required attendance policies" are none the wiser.
You might want to actually follow the link to the resources provided. The data is from the algae industry experts themselves, and most was very recent, including data as early as late 2008 and early 2009.
petrosuninc may be operating a plant, sure. Honda is building fuel cell vehicles too... the cars cost OVER $1M without the government subsidies! petrosuninc is using government funds to offset their costs. They're also a research firm. Sure, they're selling fuel, but they're selling it under cost (they do have to do SOMETHING with the gas after its made, and noone's going to pay $14 a gallon. look at the real numbers, not the marketing fluff... In NJ I can get solar panels on my house for a few thousand dollars and pay them off in 6 years. Same solar panels in SC cost 6X the price, and have a 31 year payoff, in a BETTER sun zone. That's due to the subsidies. Those government subsidies are fine when 3,000 people get fuel from it. When 300 million are, who's going to pay for it?
I don;t care WHERE you grow tha algae... you still have billions of metric tons of waste to deal with... only 34% of the mass is oil, and it;s DIRTY oil that requires expensive processing to be used in cars and creas tons of highly dangerous byproducts.
The DOA also said we could get H2 for $3 per gallon equivalent by 2010 too... They also said we'd not go over $2 a gallon for gas before 2018. They also said fuel cells would be economical by 2009. The technology HAS improved since the DOE made it's statement, but it's imporved marginally, not by the 2 orders of magnitude required to meet the $3/gallon line. Also, other costs have spiraled upwards.
Before you debunk my data, I suggest you read the sources I referenced you to. Since you;re too laze to click 1 link and ready the article I suggested, here's it's own sources for you:
Biodeisel from Algae at $33/gallon, Feb 2009:http://www.greentechmedia.com/articles/read/algae-biodiesel-its-33-a-gallon-5652/
Article by Bob Grant, chief scientist working on het fuels under AirForce grants, and one of the leading scientists in the entire Algae Oils field: http://www.the-scientist.com/2009/02/1/36/1/
There are more citations available on dotyenergy.com. They all back up the extreme costs and failed research and failed promises. Considder the source man, the DOE has continually lied and lied and overpromised. THEY'RE A BUNCH OF BIG OIL NUTJOBS ON BIG OIL PAYROLLS!!!
WindFuels makes gasoline, diesel, etc. Check the research on dotyenergy.com before you spread FUD. It's not new fuel...
Algae has a LOT of it's own issues. I hate to quote the company I'm supporting here, but this site explains it all, and does so by referencing accepted scientific papers on algae industry leaders (references more than 10 papers): http://dotyenergy.com/Markets/Micro-algae.htm
Here's my favorite quotes: "That amounts to ~560 gal/acre/year of algae oil, which is an especially dirty, heavy oil that must be cleaned, hydrocracked, and refined into diesel" and "the annual operating and maintenance costs alone would probably be well in excess of the $600M ($14/gallon)"
Read that again. $14 a gallon in MAINTENANCE costs, not total cost for fuel production. Beyond that, we'd need millions of acres of temerate climate or indoor growth facilities, producing hundreds of billions of tons of algae a year in order to meet fuel demands. We don;t have that much good land, it can't be done year round, and we have nowhere to put the waste...
We're also talking algae being competition for oil at values not less than $800/bbl, given a few more decades of reasearch yet. Even the best systems being researched today, facilities that could generate 600 tons per day in usable fuel, scaled up based on available papers published from within the algae industry, would cost about $9 Billion to build. An equivalent WindFuels facility operating at 250MW would generate the same fuels with no hazardous byproducts for about $300 million.
Acxtually, a 5MW facility to make several hundred thousand gallons a day can be build for under 10 million. Capable of reclaiming 100% cost of construction and materials inside 3-4 years of operation...
The power sources are actually MORE efficient when making H2 as they energy does not have to be maintained in perfect 60Hz AC phase, and variable input is acceptible, unlike the power grid. in a nutshell, the hydrolysis chanber takes all the power the grid doesn't want or can;t use at that second in time. It IS free (and per Doty's research, at many time of day and in may markets, the power companies are actually PAYING people to use the power, or just using it to make heat blown into the air when all else fails.
Wind energy makes electricity which we use. H2 generation uses the wind energy we don;t use. Also, wind is REDICULOUSLY cheaper to build out than nuclear, and turbine towers have 150 year lifespans (25-40 years for the generator on it). Once built, there's not input cost to wind either, and no resources wasted.
The electrolysis chamber itself? you must have old reasearch. Makcin H2 is not that bad in terms of efficiency, and it;s been improved again dramatically by the technology Doty Energy patented. They've been granted over 60 world patents in the last year on this.
As for steel needed? it;s metal, we have a lot of it. a LOT of it....and it's 100% recyclable. Land? We're buuilding the wind plants anyway, the hydrolysis system only usesd energy generated the grid won;t use, so theres no addirtional land requirement. Also wind land is unobtrusive. 96% of it can be planted as farms, the rest people don't want to use anyway (mountain faces and such). A nuclear plant is near 0% recyclable, and takes MASSIVE acreage simply for security alone. That land can also NEVER be reused (not in our great grandkids lifetimes anyway). nuclear is also limited to secure areas, and is a constant threat on many levels.
Oh yea, then you get to deral with the nuclear waste...
And in the end, what? What are you going to use the H2 for?...and that H2 generated, exactly how do you THINK they're getting it? IT'S THROUGH HYDROLYSIS!!! nuclear power is simply STEAM POWER, you're just heating the water in a unique way. Some of the electricity made by the generator is spun off to turn some of the H2O into H2 and O2, that's all.... plus, having a giant H2 production system inside a nuclear reactor, no, that's not a risk is it?!?!
Why is giving a 4.0 to someone who completes the major projects and scores a 90% on a final exam a problem? Not showing up to class does not imply there is not a curriculum on some level that is completed, or, that a student can convince the professor that a vast and deep knowledge of the subject matter is already posessed.
The grade is not given for sitting through the lecture, it's given in recognition that the knowledge is in fact in your brain. HOW the knowledge got there is irrelevent, provided some proof exists that it is there.
How about a MUCH simpler solution, that costs about an order of magnitude less (it's competitive between $50 and $60/bbl), and is ready to go NOW.
WindFuels (dotyenergy.com).
Step one: Electronlysis (not only proven, but recently greatly improved process through patents by DotyEnergy: energy from wind + H20 -> H2 + 02 -> on-site low density very short term storage tank. O2 is sold to multipole industries for profit Step 2: some H2 + CO2 -> CO and H20 (H20 recycled for more electronysis) This is called Reverse Water Gas Shift (been used for 50+ years). Doty has also been granted multiple patents greatly improving this process. Step 3: RFTS: An improved version of Fischer-Tropsch Synthesis (als in use for more than 50 years) CO + H2 = FUEL! VERY HIGH QUALITY CONTAMINATE FREE FUEL.
This has been lab proven. ALL the science behind it is all IN USE TODAY, just not in a completely combined process.
Using off-peak wind H2 can be made at any pace power can be generated. Enough H2 can be generated in a few hours on nearly free electricity to run the plant for more than a day at full capacity.
Since the fuel is made from recycled CO2, the gas you burn in your car has effectively 0 additional CO2 output.
Actually, it's about 4 times more expensive than producing ethanol from anything... It also can't use any of our existing infrastructure for transport or pipelining, is extemely difficult to store (expensive containers that are massive compared to equivalent joule storage gas tanks let alone batteries, weigh many times more, and LEAK), is extremely dangerous, is extremely complicated, and the FCs require continual invasive replacement at MASSIVE costs.
The 95WattHr LiPo battery used in the Apple 17" PowerBook Pro notebook has a manufacturing cost (estimates) in the neighborhood of $40 per bettery. This includes all the components of the retail battery pack, which is more than an organized high cell count vehicle pack would be.
That's $16K or so for a 200 mile range on a vehicle requiring 200wH/mile. These are Li-Po batteries, and are significantly cheaper than Li-Ion, and have an over 1000 charge cycle life, also superior to Li-Ion.
However Li-Su (aka Sion batteries) have even more impressive results with additional lowered cost and higer density, and Li-Tit has the best overall stats so far being the lowest cost, highest yield, highest density, and after 500 charge cycles runs about 1% depleted range. They also charge in minutes, not hours, provided a proper 3 or 4 phase line access (you won't get one at home, a 3-4 hour charge is likely the best you can hope for there, but at a filling station on a freeway, 10 minute charges are very probably).
Li-titanate battery production in mass scale is expected to come online in 2011, putting over 1million batteries per quarter into circulation. Using nano created structures inside more advanced versions coming down the pipe, battery output can be increased dramatically.
Also, we're not using batteries as buffers anymore. High output capaceters are the answer there. These are relatively cheap and extremely liught weight. They can also be charge buffers for recyclic breaking energy.
EVs are the future, or at least long range EV with gas backup generators for traveling over 200+ miles in a charge. However, even if battery technology was on par with what we desire (close, but we need 10 more years to refine, then 10 more the scale production accordingly to bring costs into reason), our electric grid is 30 years and 50 trillion dolars from being adequate. We need an interim solution that's cheap, ready now, and low emission.
In case you haven't heard of it: WindFuels. (dotyenergy.com).
INVEST NOW and the IPO return could be 2 orders of magnitude, in 5-10 years. This sub $50million company has all the patents on provide billions of dolars of clean, cheap fuel, competitive at $60/bbl, and the industry would be monopoly proof which is even better! ALL our fuel can be made right here in the USA, and with 40% less CO2 emissions in the same cars we have today (through sequestration and re-use of carbon from coal into fuel)
Slashdot Mirror
You can't see, but I'm making a deep and formal bow in thankful acknowledgement.
No, it's not impossible for someone inside to write down data points, but they can't search the database willy nilly. In fact, 90% of them can't even make general queries, but only tie a number calling in to a screen pop, then validate the caller by entering data requested, and only then do they actually get a record...
Screenshots can't be taken from our citrix consoles (that was security 101 stuff we turned off). Screen capture on the remote desktop is also disabled by the security settings. Sure, some motivated person with access could pull some data, but thay can only see the last 4 didgits of SSNs and Credit card numbers. Detailed medical records are hidden from them, and can only be downloaded by approved personell. The purpose of the interface is to confirm information, not display it... and any access to detailed content is logged.
Go ahead, steal 300 numbers and sell them. pretty much guaranteed if those 300 numbers turn up stolen, and they back track, only 1 employee will have accessed all 300 records.
I did say we've had a few people we've caught collecting records. All of them serverd not less than 5 year sentences for illegally accessing governemt records. Now that the details of those arrests are part of our training, and people know how EASY it is to get caught, noone steals. (the 10,000 bounty for turning in a coworker doesn't hurt). A manager who failed to report SUSPECTED theft got fired... and that was in anternal audit (a rouse), not an actual theft. Out of millions of records, we've had a few slip, sure, but more slip at the doctors office getting entered in the first place.
Perfect security is an illusion, I won;t argue that, but even if a hacker could penetrate the workstation inside our secure network, then hack from their on a live session into the web server, that's it, that's as far as you can go. The java code on the web server is just a front end to an app on another server beyond a firewall, and getting from that web server to the AIX box running the app is, as far as the DOD is concerned, impossible... Even a penetration THAT far still won't get to the data as the app server runs a READ ONLY OS! The connection to the java app server is not a constant connection, but a single request session that terminates automatically after 90 seconds...
The ONLY way to get to the data with anything more than a single query, validated by not less than 3 pieces of data you need to provide, is to actually log onto the datbase server (OS390 host) directly. Good luck getting the admin password to log onto a mainframe, the su- password to run the data export app, and the passwrod the the databases all at the same time....
You're all also forgetting something crucial... THIS DATA IS ALREADY OUT THERE!!! It;s already maintained by local child service offices today. It's GOING to be maintained SOMWHERE, why not in the most auditable, secure location possible, instead of scattered aroud on a hundred easily hacked windows servers...
Those 390,000 people, some of them are already perverts looking for kids. And ALL of them ALREADY HAVE ACCESS TO THIS DATA, or at least, their LOCAL data, which is all they care about...
This is not a NEW dataset, it's only an EXISTING dataset CONSOLODATED behind BETTER auditing tools and more scrutinized secuirty.
leaving this data in small databases in easily hacked locations exposes it to people OUTSIDE the 390,000... at least we can limit it to a subset of perverts, and kjnow which ones accessed which records.
Also, do you think we'll just let tham search without cause, at random? NO you paranoid moron, they have to have data to FORM a query first... They need to match a name and number to GET at the data, it's not a fucking open searchable front end...
#12 Biometrics: Well, they're a failure allright, but not due to the technology, due to their failed implementation. Biometrics were NEVER intended to be a security device into themselves, but a SUPPLEMENT to a password. Your finger I can fake, your password i can steal, but getting both at the same time is a true challenge! A great idea that failed because people were idiots.
#11 Ubontu: Ubontu (desktop Linux in general) is simply ahead of it's time. Only with a fully supported industry rollout, targeted at specific uses, will Ubontu succeed in the future. Dell, HP, and others not only need to fully support it, and integrate a large number of their systems with it, but it also needs some standardization. As is the problem with most open source effoerts, it's a "we're not done yet, but lets put out another beta" cycle. An OS is not useful until we stop upgrading it long enough to get everyone used to what we've done. If we could simply polich off the OS, pick a FEW standard packages and default several of the tools and configurations, then STOP for 2 years, and only develop in the background, ubontu would get farther. The main reason we have never locked onto Linux desktops in our company is that they're a moving target. There's TOO much development in too many directions. If the community would simply work to finish off the core OS without adding gimmicky add-ons we might buy into it eventually.
10: Virtual Reality: It's there, and it's cool! Gone are the days of standing in that stupid ring thing, half the good 3D games out there fully support stereo 3D, and you can get a lightweight, comfortable headset for less than a 24" monitor costs. The problem is, the game content... few games really lend themselves to immersion other than FPS. The most popular games are all 3rd person or top-down views. Immersive 3D is actually boring after a while (and can leave a nauseating feeling as well). It's not a failed technolgy, it;s just that we developed it before we realized we didn't really want it.
9: Alternate Search Engines. This is not a failure of the industry, it's siomply because either MS Search or Google search are defaulted on everyone's systems. most people who use PCs are sheep, and only understand how to use what's turned on by default. IE isn;t the most used browser becuase it's the best, it's because many people just don;t know anything different... Also, Google actually produces good results quickly. Other engines do a good job, but they're graphic heavy, bloated with adds, and slow.
8: Voice Recognition: It;s not failed. It;s not gone. I use it every day, and it;s getting better fast. The problem is not getting the computer to recognize speach, the problem is getting people to speak in a recognizable fashion! I live in the south. Even I have a REALLY HARD TIME understanding people some days... However, I've been using the speech recco built into Word and also in my Mac for nearly 10 years. If you actually take the time to train it, use it consistantly (making it better), and speak with a normal (only slightly accented) speech, it does very well (99%+ accuracy, and the grammer checker picks up the rest). This is obviously something the reviewer used years ago and gave up on and has not seriously considdered since. We run several Voice Recco Websphere servers here as well, and they even do pretty good recognizing hard names, and a simple p% processor handles a few hundred consurrent voice calls, so the CPU is clearly not the bottlekneck.
7: Lisa: OK, so Lisa failed, but Lisa was NOT a product line, it was an introductory product. You could almost say the same thing about the Gen 1 iPods... They barely scratched the surface of the MP3 industry. but... the redesigned, cheaper Gen 2's took off! (aka Macintosh). The Lisa proved what computing COULD BE, then Apple took a step back and released commodoty hardware for the rest of us. Also remember, 10K was NOT out of line ofr a computer. In 1984 the only people looking at computers for home wer
I'll tel ya waht, on point 1: money laundering: It's a youth account, max number of withdrawls per month is like 1 or 2, and any large amounts passing through there are certainly going to be investigated. 2: you need to show up in person to create one, and you're going to need more than some data and some kid who may or may not resemble a description, you're need a birth certificate and SS card (here in the US anyway). 3: God PLEASE, let someone put large sums of laundered money in an account in my kid's name. I have 2 small kids, and i check their credit reports anually (at least!). If I found an account, I'D EMPTY IT, then call the police for follow up.
On point 2: 1 seeing a doctor isn't free. Even if you have my kid's personal info, you don;t have MY insurance card, and you'd have to pay the doctor, plus pay for the perscription. My local doctor knows me and the wife on sight, some other doctor is not going to hame my cards on file and will need you to provide such, wich you can't get from this database... Feel free to try to cheat the doctor that way. Good luck. besides, no doctor is going to issue a scrip just because you say so (well, at least not the ones you need to hack a database to get them to do that for you). Also, any good doc that sees a kid injured bad enough to need such a prescription likely is required by law to report it. Some random kid, left away from you for 20 minutes while you argue with the doc and security is likely going to spill the beans to another doc and get uo arrested. This is one of the more risky, and complicated, scams I've ever hear presented, and it saves you nothing since you can't access my money or insurance to pull of this scam...
3: If you knew anyone who ever has been convicted of child related issues, then you;d know this: That data is NOT a secret. It;s PROVIDED to the schools, local authorities, even some churches have access to child services data. This is NOT a secret people will pay to keep silent. Any parent who has some truly dreadful issues like sexual abuse of their own kids 1) doesn't have kids anymore and 2) is already listed in other publically available databases, so again, no blackmail opportunity. Also, several of these people are violent, raging lunatics, and would likely sooner try to have you killed than pay you. 99% of them are also dirt poor, so again, value for the effort vs risks? very poor investment of time and money...
This is not some small time shop writing a little database, this is THE government, not some local office, a government who has managed to keep state secrets for decades without leaks, a government who has hundreds of terabytes of data few have ever seen, a government who is VERY used to people trying to hack it.
Have you ever seen the Social Security database hacked? The IRS? The military ID central database? The DOD? Penetrations, yes, many years ago people did manage to get into those systems, but stealing large amounts of data? Even if you could get in, gain access to a database, pull a query, and start downloading, how far do you think you'll get? The firewall is going to cut your connection after a few dozen MB on the same stream anyway, and send up an audit alert... you can't DL the entire database, not even a part of it. Hacking the workstations? Good luck, they go through citrix anyway so they're not even accessing the data through their own browser. Internal users? It's hard to install a virus on a system that doesn't have web access, runs through multiple e-mail filters, and only accesses virus scanned file shares, and is so locked down by group policy you can't even adjust the screen saver settings...
It's not perfect, but again, THIS DATA ALREADY EXISTS IN MULTIPLE LESS SECURE PLACES, consolodating it is FAR more secure than leaving it to it's own. Most child services offices are grossly underfunded, and commonly have their local data in a single user access database of simple SQl engine running on an XP workstation with a tape drive... Taking this data from them is somehting we SHOULD be doing!
We detect a hacked of infected machine somewhere in our network DAILY. We have CIA, FBI, and DOD personell here weekly back tracking audit logs and trying to determine if a breach happened or not. We're VERY certain we've never had a breach.
Also, we've never seen or heard about a bot that can intercept data from a remote SSH connection to a web API. Yea, you can build a keylogger, but you'd have to know the site's design in order to know what to pull, which at the least requires inside knowledge of our java app design (which changes about every 6 weeks). Also, 90+ % of our cases are opened by incoming callerID, and it's all screen-pop oriented. End users can only enter data into key fields, they can't fill in a complete form, so the only data you can steal via key logger is the account number or the name, not both, and possibly a phone number... We don't use SSN as a key field. none of the medical information is ever typed in by an end user.
Much the same would be true for child services. They'd have a few more search fields to put data in, but the data that comes back can't be used by a key logger.
Add a layer of security and restrict web access from a citrix console and that avenue of attack is no longer useful.
Trust me, we host the personal and medical data for a few dozen million people, including every person who's been in the military since the mid 70s. We're CERTAIN you can't get our data with a bot on a workstation at this point. We can't prevent agents from writing data down and selling it in other ways (we've caught a few over the years doing so), but 1 person and a pen stealing credit card numbers is almost meaningless. you're 1000 times more likely to be a victim of identity theft by someone stealing your outgoing mail in your mailbox with the flag up...
A business account TOS and a residential accoutn TOS agreement are 2 very completely different things... and also the bill you get for that 6MB business DSL is about 3 times the price.
AT&T may be fine with your current use, but likely that's because they have NO IDEA what you're doing... They're not interested in blanket scanning their network for people who host a simple server for personal use. Your internet load is minor by comparrison even to a casual torrent user. ...but, as soon as they decide otherwise, as soon as they confirm you're running a server (if they ever do), and if they DO care to collect, 1) your service will be cut, 2) you'll be back billed for their equivalent, undiscounted, business tier service connection, plus late penalties, interest, and additional charges.
I've seen 3 people I know personally get nailed by their ISPs. Time Warner came after one guy i knew who had been a customer for 6 years. He was not a heavy user, BUT, he pissed off the wrong guy in support one day and inadvertantly mentioned he was calling because his service quality was causing his server to miss e-amils. He was paying $30 a month over those 6 years. They back billed him for close to $15,000 in service fees ($240 a month for business connection at his bandwidth tier), then tacked on interest and panalties. The final bill was over $30,000. By the time their lawyer (and his) were done, he settled for $6,000 and was banned as a Time Warner customer for 10 years. in the meantime, DSL was not available in his area, so he had to move in order to keep his job with his company as internet access at home by IT staff is clearly a requirement.
2 others i know did better, only paying 2 or 3K in back service fees and loosing their connections.
ESPECIALLY in this bad economy, and ESPECIALLY with AT&T who is HEMORAGIN money from their home phone unit and can really use the cash from DSL to make it up, I would not challenge them.
A simple home server is one thing. Portal access, RDP, these things are not generally considdered "servers" Your personal e-mail server in essense can be considdered a "dedicated client" and realistically is no different from using outlook to download e-mail from a push server, as long as you;'re only hosting your own e-mail accounts. Even a personal file share server is no different than hosting a local file share and opening the port in your firewall, again, as long as noone other than the people in your house access it.
but, as soon as you start providing a "service" to anyone else, even for free, and even if those people are also AT&T custoemrs, you;re crossing a line that they bill lots of money for... and they may come to collect.
Again, Residential does not equal business. if you have a business line (I did for a while) then you can do whatever you want with it, including profit from it.
So, you propose to steal the data as it's being entered in remote offices before it's uploaded?
Well, with a web API over SSH that means you're talking about a keylogger, since any other way to steal that data requires you to have access to an application or a local dataset, neither of which exist. I really could give a crap about keyloggers, since you can already steal that data simply by hacking the PARENT'S COMPUTERS. That's nothing new, it is not an ADDED risk.
What you're saying, in a nutshell, is that data in any form is unsafe anywhere, regardless of wether it's centralized or not. There is no answer to that, but it's also UNAVOIDABLE. The data WILL exist somehwere, it simply HAS to. (unless you're suggesting we take the entire government back to paper and secure point-to-point fax machines and throw out all the computers).
We MUST have the data somewhere or the danger is much greater (mishandled children, lack of access to missing persons data, inability to match children to parents, inability to track troubled parents from state to state, inability to centrally documented court interactions with parents, these are all MUCH bigger problems than the risk of data theft of priomarilly useless and invaluable data!)
If the data IS centralized, then we have a single secure repository. This provides multiple advantages. Cost (fewer servers, fewer admins, consolodiated licensing). interoperabilty (everyone's on the same code base). Audit (every access from every point is monitored, further, we can scrutinize the security level of the guest machine logging in). security by scale (big databases are on big iron, and enterprise class systems and security, scattered regional databases are on back offince machines with little or no regulated security.) Reliability (big massively redundant clusters on UNIX or OS390, not simple machines runnin Windows).
Let's not loose sight of this fact: THIS DATA ALREAYD EXISTS, we're simpy securing it centrally under government security regulation and audit. IT'S ALREADY OUT THEiR, UNSECURE TODAY. The security can't be perfect, but it's an order of magnitude better than today. Oh, btw, most common method of access from remote sites: Citrix. go on, install a key logger in my virtual desktop image... Hack the remote PC all you want, it won;t get you into the citrix system, and even from there you still need the account credentials to log onto the internal web server...
Again: my firm processes 7 billion medical transactions per quarter. We have thousands of tapes coming in and out of the building weekly, we have hundreds of throusands of people interacting with the medical records, processing payments, transactions, medical history files, and more, most in real time. We are under CONSTANT attack from viruses, botnets, and hackers. NEVER ONCE have we been breached. DAILY one of our systems is infected, but you can;t get the data by infercting edge systems, you have to infect the core, which is still 3 firewalls and 2 alternating operating systems away.
Name 1 virus that can hack a Windows PC, from there hack a Citrix console, from there Hack a Redhat web server, from there hack an AIX application server, and from there hack a DB2 or Oracle database on a mainframe... and EACH SYSTEM TIER uses seperate administrative credentials! Even the best hackers in the world can't accomplish that in person, no simple bot can do it.
Want to collect the data by infecting 1 million point systems, fine, you can ALREADY do that... We're just making a system that solves otehr BIGGER problems, without increasing the security risk level (in fact, it;s better than it is today by large margins).
Linux HAS a place in the desktop, and it's not going away anytime soon. In fact, many companies, including ours, and many government office are planning migrations soon.
You see, most of our datbase apps now live in Java, and by seperating the user front end from the database server by yet another layer (user -> Web server -> App server -> DB) you improve security and improve auditing and reduce costs.
Pre-built (aka Dell and company) linux boxes don't have driver issues, everything work sout of the box. They're supported operating systems and for web use, e-mail, and document processing (which most governments are actually requiring OpenDoc or similar formats now), it's all good. Plus, Users don't know how to fiddle with Linux, so finding users who have bypassed security rules and installed dozens of little apps, screen savers, and other virus risks doesn't happen. It also doesn't require hardware granphics like Windows Vista and 7 do, so they run on more comodity hardware.
For home users, the $300 PC and laptop market is booming. Again, pre-configured out of the box, no real issues. Most software they can buy off the shelf (AV, Office etc), run on it pretty much as is.
Also, there's the Apple effect. The more they become popular, the more companies are pouring software monet into OS X, which once you're there is not difficult to port to Linux (far easier than porting to Windows).
As a company, we're moving to zVM. Suse or Redhat enterprise virtualized on IFLs on our Mainframes. Any packages that currently require Windows OS to run are being re-written for Linux. Anything already in Java is being ported over. Anything that can't be is being replaced by somehting equivalent that can be.
Linux is NOT ready for joe-bob-PC-moron to install on his own home PC as a second OS. Linux is NOT ready for true power users who require high end apps like CAD, image editing, publishing, etc. Linux is NOT ready for the OS tinkerers who don;t already read code and understand Shell. Linux is NOT ready for the bulk of home users. Linux is NOT ready for SMB. Linux is NOT IDEAL for people who share data and programs with lots of other people who are not also on Linux. Linux is NOT ready to bring into your house to be compatible with evertything else you already own.
Linux IS ready for any PC user who's never seen a comand line and who use only the most basic features of a computer (provided it comes pre-installed and supported by the hardware bendor). Linux IS ready for enterprise (all our admins already support it on the servers, the desktop is a natural leap). Linux IS ready for the general user base. Yes, it can be improved (dramatically), but it WILL grow, and it is here to stay. It will likely play second fiddle to Apple for another decade, but it is here.
I don't doubt that would be an issue. Training someone to work securely is complete bunk.
However, managing a massive server farm that processes 7 billion medical transactions per quarter, and stores data for nearly 1/4th of all americans and the entire military, I can say providing data security is actually pretty easy: simply architect the database in such a way as it is impossible to export the entire data set except for a few key system and DB administrators. In our DECADES of processing transactions, we have never had a breach. We're under CONSTANT DDoS and hacking attacks. Half the world is TRYING to steal our data. We have DOD, CIA, and FBI here weekly researching attempts. Not ONCE have we lost data. We ship thousands of backup tapes out of our data center every week. Not on ever lost.
Line level employees can only access a record given the key; SSN plus phone number (via routed caller ID signals, not typed in) plus pin#; SSN plus account number plus pin number; SSN plus DL plus full address, etc. Searching for records by only name, address, or SSN alone is not possible. Dumping more than 1 record at a time is not possible. There's no database app on their machines, only a web portal to an app on a server behind a firewall, that server communicates with the actually application engine on another server, and that server is firewalled off from the DB server. The app on the app server has very limited ability to access the database, only programmed queries that meet minimum validation.
For the child services dept, they would have to do searches occasionally, but even the search should only reply with a simple list, containing only 2 or 3 vlaues foe each returned result, and that list should not be exportable, and should be limited to say 100 results. End-user hacks, or data theft from the client side should be basically worthless.
If the end users can't GET to the bulk of the data, they can't steal it (or get hacked by someone who could).
A 3 tier network architecture prevents direct access to the database. Individualized user password access makes the process auditable. DB dumps can only be perfomed on the DB server directly, logged in as non-root administrators, and even those dumps should never be uses for more than migration, backup, or test lab use. Keep in mind, databases of this saze are NOT hosted on Windows boxes in some closet... They're on massive AIX Oracle clusters, or on Host systems. Those systems are not vulnerable to hacks as they have do direct outside connections, and are hardened UNIX operating environments.
Great, you've got 390,000 users. They can't get to enough of the data to steal it...
Maybe you've got about 100 developers. They use dummy data, or exports of the DB that have run through a name and SSN randomizer (we do that here). they can't steal the data.
You've got 10-20 admins who maintain and back up the server; they're all security minded highly trained IT folk, and are told their actions are audited. They're the only ones who could steal the data, but we'd know if they did and they know that too.
Where big data breaches have happened in the past is when executives have gone plugging around town with dumps from some tool to an Access database. Others have been data tape thefts, but they've been small time shops compareds to this. Even if you can steal some of my TSM tapes, where are you going to load them to get the data off??? The drives cost $25K each, not to mention hundreds of grand worth of licensing and AIX servers to control the drive. These are not some cheapo LTO tapes... and these tapes, they're logged by a librarian, boxed by paid security staff, and a chain of custody in locked tape boxes passes through 3 people before the box gets to the front door, and then it's handled by armored car... 3 of them actually, and tapes from the same tape set are allways divided across the trucks, so even knocking off a tape truck does not get you a data set that can be stolen. Oh yea, the 256bit AES encryption is a bugger too!
good or bad, the worst thing a data breach of a major database hasd caused is a small percentage of identity theft and a whole lot of spam...
What can crooks really do with information about your kids, honestly? Names, addresses, data on the parents, this information is tailored for child services folks. There's not much in it that's useful!
You can't open an account in a childs name except a savings account. What are they going to do, deposit money in your kids name? Even if they did manage to steal this database, and then do something to a kid's credit file with it, all you have to do is show up in person to a bank with your child, or send a fax to a credit bureau, and all references to any activity are removed and any banks that allowed those accounts to be opened get a nasty fine.
The sickos that might want access to this data don't need it. They all either pray in their backyards, or online, and data from some repository isn't going to help them figure out if the kid they're talking to in a chat room is on the list or not from a username.
This data is WORTHLESS to theives except for the fear factor that stealing it causes in the sheep.
http://worldnet.att.net/general-info/terms-dsl-data.html#useserv
AT&T's DSL service agreement, section 10; be Fair subsction b.: You may not use your Service connection to host a DEDICATED INTERNET server site. (emphasis mine).
The AT&T iPhone agreement however states: "Examples of prohibited uses include, without limitation . . .downloading movies using P2P file sharing services, redirecting television signals for viewing on Personal Computers, web broadcasting, and/or for the OPERATION OF SERVERS, telemetry devices.... " (emphasis mine).
In the case of DSL, you CAN run a server, just not a dedicated internet server site. A Remote access server, personal FTP server, even a web or file server you run occasionally, even "most of the time" can not be considered a dedicated server. Knowing that, on Wifi, within your home, you could run a server on the iPhone, which by sheer definition can not be "dedicated" as any call, or the use of another app would cause the server to go down. You can use the iPhone as a server since it is behind your personal DSL service.
However, being a server you can not use it on AT&Ts open 3G network without violating the iPhone TOS. It will be interesting to see if this app will be enough of a drain on AT&T for them to target its use, or to see if they'll persue Apple to pull if from the store.
I usa a nifty program called Dicenomicon. One of it's features is to run a web server so you can program dice algorithms through your PC and upload new programs, images, and more to the phone's app. I noted it not only presents a WiFi IP address, but also a blueTooth and 3G address as well. I can not connect to the 3G address in any way I have tried. i don't know if this app also behaves the same.
My meter is read digitally, has been for 4 years. No one comes to my house. I'm not using BoPL.
We choose water over soda. We don't eat great food, but saving $3 a day by not drinking sodas, and drinking filtered water (or tea, or sometimes kool-aid) lets me afford a bit better food. It adds up quick. The kids get OJ from concentrate in the morning, which is actually pretty cheap (a gallon for about a dollar), and comparitively not really different from the good juice brands (only slightly on taste, but they donlt know any better, and it;s a LOT better than the crappy juice they drink at school).
Pasta is REAL cheap, cheaper still is you batch cook vats of your own italian sauce :) That's one of our staple foods...
Lean meats are expensive... yes. boneless even more so. Steak we can get in bulk from a butcher for about $3 a pund, cut it and freeze it at home, and some of that is high quality stuff, typically $7 in the grocery store, the rest I grind. Chicken, there's really no way to get quality chicken cheap. it's either crappy, fatty, and injected, or $5.49 a pound... Instead of cooking chicken at home, I buy pre-cooked, fresh, hot, whole roasted birds for $4.99 at Krogers on the way home!
Hot dogs are also cheap. i try to buy the better (read sausage) dogs when I can (2 for 1s, they're not a bad deal, and taste WAY better).
Pizza is also a staple. Not really that bad actually is you ask them to go light on the cheese and heavy on the veg... I can't cook home made pizza for less than i can buy one nowadays, so we don;t try. (besides, home ovens just are not designed to make a good NY pizza).
Carrots themselves are pretty cheap here, about $1.79 a pound, but carrots don't get eaten plain in most households... They're a pretty bad snack (actually nutritionally on their own they are not really that good aside from 1 vitamin and some fiber). Typically though, they're dipped, and whether that be penut butter, ranch, or some other dip, it's REALLY high in calories...
Apples are about $4 per pound, bananas are pretty cheap too, compared to both weight or volume of doritos. However, popcorn, with light salt and lowfat topping is a pretty hard to beat snack.
i limit chips in the house. The only candy they get is what they earn with chores and good behavior, and for holidays (haloween candy lasts us MONTHS) Hummus and other similar dips with pita bread are common in my house, and whip up in seconds in a blender and keep for a week. Cheese we avoid now both due to calories and cost. The kids won't eat crackers and vegies like the wife and I will sometimes. Cereal is a common snack, and pretty cheap.
Remember, snacking is not about weight, it's about volume, and staving off a craving until a meal. Chicken is a meal, not a snack, and around here, it's $5.49 a pound minimum, unless you buy the real fatty, fluid injected, frozen patties, which are still pricy, or unless you find a good sale. I can get a whole already roasted and seasoned chicken for about $5 that feeds 4 people on my way home from the grocery store, whip up some instant potatoes or some rice, and a can of green beans, and I've got a great meal for the family for $6. i can't come CLOSE to that cooking at home with lean chicken. Even a whole frozen chicken costs more... The calorie content of roasted chicken is better than fried, but it's not exactly lean...
Why don't i cook more? mostly time. I have 2 kids, and run from location to location all night until about 8PM. We have about 1 hour to cook, eat, clean up, and change, then get out of the house again between 5:30 and 6:30PM most nights. Cooking, even "quickie" meals is typically not an option, and the kids are not old enough to cook for us. We try to eat at home, but prepared meals are the norm unless we have leftovers from the weekend. Crock pots, baked foods, grilled meat (except suasauge or hot dogs); there simply isn't time. At least they're burning the calories in sports, dance, skating, etc. The wife hits the gym 2 nights a week for about 90 minutes while the little one is in dance class, and i pump some weights at home later in the evening when things settle down, but doing a formal family dinner at the table just isn't in the cards for us now. There are VERY few recipies than can be cooked in 20 minutes or less that are healthy and don't involve expensive ingredients like fish. When both kids are in high school, that might be different. We could do better, we could spend more time at home as a family, but then the kids would not get the exposure, learning, and excersize they get now, so which is better? They're not fat, not even close; I think we're doing good.
Folks I know who are poorer than us have a different issue. The kids stay home, and both parents work 2 jobs. One of them comes home long enough to hand the oldest kid (or a babysitter) some food, or some cash, and they're gone again. Absentee parenting. Do they have a choice? Not really.
I agree, in general. I also think that 0.25% sales tax isn't going to make anyone blink... $0.01 on a $4 bag of Doritos is not enough to discourage it's purchase.
If they want to be serious about this, instead of a simple money grap people will hesitate to object to, we should be talking a $0.10 per serving tax on prepared foods and canned beverages, and $0.20 per serving on fried items, candy, and other extremely unhealthy foods. (where a serving is defined by a standards body, not currently how it is defined by the manufacturer to make the calories per serving look more appetising). That way we'd be talking $0.10 for a can of soda. $1 for a bag of chips. $0.70 for a large meal combo an McDonalds. Etc. That would be enough to shift the cost more dramatically, and also provide subsidies to healthy foods to compete better.
This dramatic increase in tax could help lower the sales tax on all other food by 1-2% across the board, or better yet, waive sales taxes altogether on foods considered healthy, and on ingredients for foods prepared at home.
A BIG reason families don't cook and eat at home, or eat halthy at home when they do, has very little to do with cost for most households. It has to do with 1) time, 2) skill, and 3) Planning, and 4) simply being home in the first place. Cooking not only takes money, (which often does cost more than bulk prepared food like $5 pizzas), but it also takes time. Time shopping, time preparing, time cooking, time cleaning. Especially in the poorer households, where both parents may work multiple jobs, this quite planly is difficult. Cooking also takes more than ingredients, as it takes working appliances, tools, spices, etc, which are typically not factored into the daily shopping bill. Other families, especially with kids, are simply out and about, shuffling between day care, team sports, dance class, after school events, and trying to fit daily erands and seeing other members of the family in. When cooking does happen at home, it's the 1-pan style cooking like (hambuger helper, which can feed 4 people for about $4, and which a 10 year old can cook.) Cooking skill, and a solid set of recipies is also a drawback. Even my wife and I get bored of home cooked foods, not because we don;lt have the skill, but because we rarely pre-plan our recipies, and end up eating the same things frequently.
Plus, simple distractions have ruined more dinners that I can count. A doorbell rings and you get held up and burn what's in the pan, or get distracted from the grill. Work intervenes and you never make it home in time to cook what you thawed, plans change and for a few days you can't eat at home, then your fresh food spoils... I probably ruin or throw out $20 a week in ingredients.... maybe more. I've had weeks where I've thrown out $50 in meat and vegetable before, sometimes because it simply never makes it from the store to the freezer in time (a major drawback to buying in bulk). Sometimes I've had meat spoil before I ever got HOME with it due to life intervening. i had to spend $200 on carpet cleaning in the car due to that once before as well.
also, I donlt know what home cooked mac-n-cheese you make, but the recipie I have is about 4 times the cost of even the good Kraft brand with the liquid cheese pack. I spend about $15 to make a pan of it... Even my "cheap" stews and soups cost more than what I can get pre-made in a can.
I'm just saying, there are a LOT of reasons beyong price that people don't eat helthy. I agree, you can eat healthy for a LOT less than you can eat at McDonalds, but you can't always eat helthy in your kitchen...
On a seperate note: taking the video games is BS. Studies prove that even non-exciting games keep a child's heart rate and metabolism running at much higher levels than watching TV. no, you're not going to get the same results from being outdoors, but I can't let my kids out on their own in my neighborhood, they must be watched, and i can't do that 3 hours a day... Video games are some of the
typo: for the promise you don't HAVE to show up to class... my fault.
I've seen cases as well where collegues of mine double and tripple booked classes, same day and time, after working with a professor or three.
They take 1 class they can't outright exempt, or feel they really need, and schedule 2 other classes under "learn from home" special arrangements with the profs. The profs know they don't need the class, give them an exam on day 1, or ask for a body of proof of effort in the field, validate their knowlede, and give them a 4.0 before class ever begins. Then you don;t show up to class and get a 4.0.
Other times I've seen proffs understand that life is intrusuve, and taking time to take a class they know you don't need, but the university policy insists on, well, they just let you slide, provided you get good marks on the exams. By telling you to not show up at all, other students who fall under "required attendance policies" are none the wiser.
You might want to actually follow the link to the resources provided. The data is from the algae industry experts themselves, and most was very recent, including data as early as late 2008 and early 2009.
petrosuninc may be operating a plant, sure. Honda is building fuel cell vehicles too... the cars cost OVER $1M without the government subsidies! petrosuninc is using government funds to offset their costs. They're also a research firm. Sure, they're selling fuel, but they're selling it under cost (they do have to do SOMETHING with the gas after its made, and noone's going to pay $14 a gallon. look at the real numbers, not the marketing fluff... In NJ I can get solar panels on my house for a few thousand dollars and pay them off in 6 years. Same solar panels in SC cost 6X the price, and have a 31 year payoff, in a BETTER sun zone. That's due to the subsidies. Those government subsidies are fine when 3,000 people get fuel from it. When 300 million are, who's going to pay for it?
I don;t care WHERE you grow tha algae... you still have billions of metric tons of waste to deal with... only 34% of the mass is oil, and it;s DIRTY oil that requires expensive processing to be used in cars and creas tons of highly dangerous byproducts.
The DOA also said we could get H2 for $3 per gallon equivalent by 2010 too... They also said we'd not go over $2 a gallon for gas before 2018. They also said fuel cells would be economical by 2009. The technology HAS improved since the DOE made it's statement, but it's imporved marginally, not by the 2 orders of magnitude required to meet the $3/gallon line. Also, other costs have spiraled upwards.
Before you debunk my data, I suggest you read the sources I referenced you to. Since you;re too laze to click 1 link and ready the article I suggested, here's it's own sources for you:
Biodeisel from Algae at $33/gallon, Feb 2009:http://www.greentechmedia.com/articles/read/algae-biodiesel-its-33-a-gallon-5652/
Article by Bob Grant, chief scientist working on het fuels under AirForce grants, and one of the leading scientists in the entire Algae Oils field:
http://www.the-scientist.com/2009/02/1/36/1/
Keynote Address Photosynthetic Biohydrogen, Paul D. Frymier, Department of Chemical Engineering, University of Tennessee:
http://aiche.confex.com/aiche/2008/techprogram/P134919.HTM
GreenFuel Technologies: A Case Study for Industrial Photosynthetic Energy Capture
Krassen: March 2007 http://www.nanostring.net/Algae/CaseStudy.pdf
Carbon Recycling Forum, Department of Energy: Sept 2008: http://www.netl.doe.gov/publications/proceedings/08/H2/index.html
A history of the US DOE's Algae Research, publiched by NREL: http://www.nrel.gov/docs/legosti/fy98/24190.pdf
There are more citations available on dotyenergy.com. They all back up the extreme costs and failed research and failed promises. Considder the source man, the DOE has continually lied and lied and overpromised. THEY'RE A BUNCH OF BIG OIL NUTJOBS ON BIG OIL PAYROLLS!!!
WindFuels makes gasoline, diesel, etc. Check the research on dotyenergy.com before you spread FUD. It's not new fuel...
Algae has a LOT of it's own issues. I hate to quote the company I'm supporting here, but this site explains it all, and does so by referencing accepted scientific papers on algae industry leaders (references more than 10 papers): http://dotyenergy.com/Markets/Micro-algae.htm
Here's my favorite quotes: "That amounts to ~560 gal/acre/year of algae oil, which is an especially dirty, heavy oil that must be cleaned, hydrocracked, and refined into diesel" and "the annual operating and maintenance costs alone would probably be well in excess of the $600M ($14/gallon)"
Read that again. $14 a gallon in MAINTENANCE costs, not total cost for fuel production. Beyond that, we'd need millions of acres of temerate climate or indoor growth facilities, producing hundreds of billions of tons of algae a year in order to meet fuel demands. We don;t have that much good land, it can't be done year round, and we have nowhere to put the waste...
We're also talking algae being competition for oil at values not less than $800/bbl, given a few more decades of reasearch yet. Even the best systems being researched today, facilities that could generate 600 tons per day in usable fuel, scaled up based on available papers published from within the algae industry, would cost about $9 Billion to build. An equivalent WindFuels facility operating at 250MW would generate the same fuels with no hazardous byproducts for about $300 million.
Acxtually, a 5MW facility to make several hundred thousand gallons a day can be build for under 10 million. Capable of reclaiming 100% cost of construction and materials inside 3-4 years of operation...
The power sources are actually MORE efficient when making H2 as they energy does not have to be maintained in perfect 60Hz AC phase, and variable input is acceptible, unlike the power grid. in a nutshell, the hydrolysis chanber takes all the power the grid doesn't want or can;t use at that second in time. It IS free (and per Doty's research, at many time of day and in may markets, the power companies are actually PAYING people to use the power, or just using it to make heat blown into the air when all else fails.
Wind energy makes electricity which we use. H2 generation uses the wind energy we don;t use. Also, wind is REDICULOUSLY cheaper to build out than nuclear, and turbine towers have 150 year lifespans (25-40 years for the generator on it). Once built, there's not input cost to wind either, and no resources wasted.
The electrolysis chamber itself? you must have old reasearch. Makcin H2 is not that bad in terms of efficiency, and it;s been improved again dramatically by the technology Doty Energy patented. They've been granted over 60 world patents in the last year on this.
As for steel needed? it;s metal, we have a lot of it. a LOT of it. ...and it's 100% recyclable. Land? We're buuilding the wind plants anyway, the hydrolysis system only usesd energy generated the grid won;t use, so theres no addirtional land requirement. Also wind land is unobtrusive. 96% of it can be planted as farms, the rest people don't want to use anyway (mountain faces and such). A nuclear plant is near 0% recyclable, and takes MASSIVE acreage simply for security alone. That land can also NEVER be reused (not in our great grandkids lifetimes anyway). nuclear is also limited to secure areas, and is a constant threat on many levels.
Oh yea, then you get to deral with the nuclear waste...
And in the end, what? What are you going to use the H2 for? ...and that H2 generated, exactly how do you THINK they're getting it? IT'S THROUGH HYDROLYSIS!!! nuclear power is simply STEAM POWER, you're just heating the water in a unique way. Some of the electricity made by the generator is spun off to turn some of the H2O into H2 and O2, that's all.... plus, having a giant H2 production system inside a nuclear reactor, no, that's not a risk is it?!?!
Why is giving a 4.0 to someone who completes the major projects and scores a 90% on a final exam a problem? Not showing up to class does not imply there is not a curriculum on some level that is completed, or, that a student can convince the professor that a vast and deep knowledge of the subject matter is already posessed.
The grade is not given for sitting through the lecture, it's given in recognition that the knowledge is in fact in your brain. HOW the knowledge got there is irrelevent, provided some proof exists that it is there.
How about a MUCH simpler solution, that costs about an order of magnitude less (it's competitive between $50 and $60/bbl), and is ready to go NOW.
WindFuels (dotyenergy.com).
Step one: Electronlysis (not only proven, but recently greatly improved process through patents by DotyEnergy: energy from wind + H20 -> H2 + 02 -> on-site low density very short term storage tank. O2 is sold to multipole industries for profit
Step 2: some H2 + CO2 -> CO and H20 (H20 recycled for more electronysis) This is called Reverse Water Gas Shift (been used for 50+ years). Doty has also been granted multiple patents greatly improving this process.
Step 3: RFTS: An improved version of Fischer-Tropsch Synthesis (als in use for more than 50 years) CO + H2 = FUEL! VERY HIGH QUALITY CONTAMINATE FREE FUEL.
This has been lab proven. ALL the science behind it is all IN USE TODAY, just not in a completely combined process.
Using off-peak wind H2 can be made at any pace power can be generated. Enough H2 can be generated in a few hours on nearly free electricity to run the plant for more than a day at full capacity.
Since the fuel is made from recycled CO2, the gas you burn in your car has effectively 0 additional CO2 output.
Actually, it's about 4 times more expensive than producing ethanol from anything... It also can't use any of our existing infrastructure for transport or pipelining, is extemely difficult to store (expensive containers that are massive compared to equivalent joule storage gas tanks let alone batteries, weigh many times more, and LEAK), is extremely dangerous, is extremely complicated, and the FCs require continual invasive replacement at MASSIVE costs.
H2 will NEVER be used in a car you drive. EVER.
The 95WattHr LiPo battery used in the Apple 17" PowerBook Pro notebook has a manufacturing cost (estimates) in the neighborhood of $40 per bettery. This includes all the components of the retail battery pack, which is more than an organized high cell count vehicle pack would be.
That's $16K or so for a 200 mile range on a vehicle requiring 200wH/mile. These are Li-Po batteries, and are significantly cheaper than Li-Ion, and have an over 1000 charge cycle life, also superior to Li-Ion.
However Li-Su (aka Sion batteries) have even more impressive results with additional lowered cost and higer density, and Li-Tit has the best overall stats so far being the lowest cost, highest yield, highest density, and after 500 charge cycles runs about 1% depleted range. They also charge in minutes, not hours, provided a proper 3 or 4 phase line access (you won't get one at home, a 3-4 hour charge is likely the best you can hope for there, but at a filling station on a freeway, 10 minute charges are very probably).
Li-titanate battery production in mass scale is expected to come online in 2011, putting over 1million batteries per quarter into circulation. Using nano created structures inside more advanced versions coming down the pipe, battery output can be increased dramatically.
Also, we're not using batteries as buffers anymore. High output capaceters are the answer there. These are relatively cheap and extremely liught weight. They can also be charge buffers for recyclic breaking energy.
EVs are the future, or at least long range EV with gas backup generators for traveling over 200+ miles in a charge. However, even if battery technology was on par with what we desire (close, but we need 10 more years to refine, then 10 more the scale production accordingly to bring costs into reason), our electric grid is 30 years and 50 trillion dolars from being adequate. We need an interim solution that's cheap, ready now, and low emission.
In case you haven't heard of it: WindFuels. (dotyenergy.com).
INVEST NOW and the IPO return could be 2 orders of magnitude, in 5-10 years. This sub $50million company has all the patents on provide billions of dolars of clean, cheap fuel, competitive at $60/bbl, and the industry would be monopoly proof which is even better! ALL our fuel can be made right here in the USA, and with 40% less CO2 emissions in the same cars we have today (through sequestration and re-use of carbon from coal into fuel)