Is it racism to be concerned that our military is using computer parts that can't (or won't) be produced at home?
A major factor in designing any system is taking careful analysis of the risks and considering the cost of avoidance/mitigation with the cost of risk realization.
Analyze the cost of the risk occuring, the likelihood of that occurance, and the overall expected cost of the risk.
Now consider how expensive it would be to mitigate that risk. If the cost of mitigation is greater than the expected cost of the risk, you are better off putting your money elsewhere. (This assumes that you have fully analyzed the risk and considered ALL costs in your evaluation.)
When it comes to computer parts, sometimes you go down the route of 'trusted foundries'. However, that is an EXPENSIVE route. You will often find that you can plan around the risk, or you might be faced with the fact that your system is just too dangerous to operate given your original CONOPS.
Rough Example: You need a data store, but you can't be completely sure that the hardware in that data store doesn't have a backdoor that would allow remote access to the data stored in that system.
Options:
1. Build the hardware using a trusted foundry. This is expensive, slow, and often behind the latest tech.
2. Rebuild the industrial capability in your country to manufacture the hardware. This will take a while. Also, why should you trust it just because it's in your country? The only thing this helps is to ensure that you can build replacement parts. (until the factory is bombed)
BUT WAIT!
Why not reevaluate your design and see if you can mitigate this risk with some design changes?
Encrypt the data before it crosses into the domain of the suspect system rather than encrypting it in place after it enters into the domain of the system. Now you don't have to care about the potential for that aspect of the backdoor, and it cost you a hell of a lot less than sourcing from a trusted foundry.
Obviously there is a lot more that most backdoors will allow other than just pulling data. The point is that once you start getting to the point that you are strongly considering using a trusted foundry, it is critically important that you evaluate your design because there are often ways to render the threat moot in design, rather than trying to completely trust your supply chain all the way to the end user.
I once had to design a system that needed to support the same radios for 20 years. Did I enter into a contract with motorola to keep a manufacturing line up during those 20 years? Nope. I analyzed/tested to see how they would handle sitting on a shelf. Pre-purchased enough radios to handle the expected DoA/Spares/need for 20 years. Since I only needed 100 of them, that was an option. If it were 1,000,000? Well, then Motorola might have considered keeping that line open on their own dime.
The point is, understand your design, and try not to paint yourself into a corner where you NEED to care about such a situation.
I can appreciate applying Anti Tamper and other IA techniques to 'harden' cars, but I hope this doesn't return us to where only ''licensed' repair facilities can work on cars.
That's a bit disingenuous. You can't pick out a single stage of the process and compare that while ignoring everything else if you want an honest assessment of the efficiency.
The reason I focused on a single stage of the process is because the post I was responding to was discussing the relative waste of transmission line or truck delivery. Total system efficiency is certainly something worthy of discussion, but that wasn't the point of discussion. Everything that occurs before, and everything that occurs after is irrelevant because the point of discussion was loss during transmission.
In reality the destruction of a dam holding back that much water would wipe several cities off the map as the wave + flood took out city after city that was downstream...
I'd be surprised if a nuke could break a dam. Aren't most dams little more than wedge shaped blocks of concrete?
I departed from Munich for the US in 2007 and had to pass through three nearly identical security checkpoints. (basically security metal detector lines 3 times).
It was very odd, the only thing I can think of is that my terminal was nested. ie: first line was for all europe flights, second line was for international, and the third line was for US destinations. ie: had I just been going to Paris, maybe I would have only hit one line?
I contend that the core had cooled and was emitting no gases so the air 'evaporated'. I believe that our hot, steamy core is what regularly replenishes our atmosphere, and is made breathable by plankton as it bubbles up from the sea floor.
Volcanism is responsible for a great portion of our atmosphere. Early life cracked carbon dioxide and increased the oxygen content of the Earth. This early oxygen was absorbed by the surface of the Earth until it was saturated (or bound as more H2O due to reactions with the protoatmosphere). Once the crust was saturated with oxygen, you saw a very sudden spike in Oxygen content of the Earth's atmosphere once the free hydrogen was bound and the crust was saturated. The Oxygen had nowhere else to go. You can actually see this effect by looking at estimates for atmospheric oxygen content and the increases/declines/spikes.
Long story short, it's not that the atmosphere is being replenished, but without volcanism there wouldn't be enough initial atmosphere to ever really get started.
And if it produces 10,000 false positives to yield one valuable lead, how does that impact you? It's not like that turns into 10,000 knocks on 10,000 doors by 10,000 special agents. It gives them more trails to follow.
If each false positive requires 1 hour to identify as a false positive, you will have tied up 5.5 agents for an entire year in which they will have contributed exactly nothing to identifying 1 valuable lead.
You can estimate the cost of one government employee at $200k/year in actual billed cost. The result is that you will spend $1.1 million dollars for 'one valuable lead'.
You state that it gives you more trails to follow, but you don't want more trails if those are just wild goose chases. Wild goose chases are expensive, and they divert resources away from actual gainful endeavours. Every dollar you waste on a wild goose chase is also a dollar you didn't spend on timely analysis of valid leads.
You are correct that the solar wind would strip off hydrogen, but the reason it isn't stripping it isn't due to the magnetosphere alone.
Part of the reason Earth has hydrogen is because it also has oxygen. While the two elements (at least hydrogen) would be stripped by the solar wind if they remained separate, the Hydrogen is 'weighted down' by being bound in water molecules with Oxygen.
The solar wind has stripped most of the Helium from our planet's atmosphere because it is a noble gas and doesn't react with other elements. If the solar wind is already strong enough to strip off the He, it would certainly be strong enough to strip off the much lighter Hydrogen.
Old school apps, the programs we used to run on PCs automatically had access to everything that the user who ran it had access to. And that didn't seem to be a problem. People would report "spyware" and programs that did badness would be shunned.
My old school PC did not have an always-on internet connection, it did not have a GPS chip installed in it, it did not have all of my contacts packaged behind a convenient API (my contacts were handwritten in a little book) When I didn't want a program to have access to the internet, I didn't grant it access to the internet via the firewall, or I didn't even run it while the modem was connected.
My suggestion would be an introduction of laws that make theft by anyone authorised to make searches a crime that is punished much more than ordinary theft.
And that's different from what happens to you luggage in WHAT way ?? May I remind you that you are not allowed to use locks that are not easy to open (read. useless) on your suitcase?
My car is not being loaded into the cargo hold of the aircraft.
As for locks, I could use a suitcase made of 1/4" thick steel plate, weld the damned thing shut and encase it in 2' of concrete if I choose to do so. If it's not going onto an aircraft, I can lock it however I want.
(As an aside, you CAN use locks that are not easy to open, but that may prevent them from being loaded onto the aircraft, or being loaded without the lock being damaged)
As additional info: The transmission line loss is usually much higher than 0.75%, that was the lowest number I've seen and appears to be theoretical. However, given that it is still several times larger than the loss associated with transporting gasoline a similar distance, I think it only helps reinforce my point.
The energy density of gasoline is a huge factor when considering the cost of transport. The IT equivalent is the old story about the bandwidth of a stationwagon of data tapes travelling down the highway.
When dealing with transport of energy, the density matters, and chemical energy density is hard to beat.
Of course you won't have to pay for it. But your vehicle registration will increase to $500/yr. Just a coincidence.
I've always been !amused by the fact that I need to 'renew' a registration when no information has changed. Selling a car, buying a car, moving a car, all require me to update my registration, but as long as the VIN/Title and the person it is associated with aren't changing, the registration should persist.
I think there is a serious problem when expectations of privacy can be voided by laws which can force disclosure of private information.
If there was a law passed which said that letters could only be sent in clear plastic envelopes then you couldn't expect the contents of those letters to be private either. The real catch is that the only reason you don't have an expectation of privacy is that the law currently requires you to behave in a manner which makes privacy harder to ensure.
Of course, that is all beside the point that just because something is technically possible, doesn't mean it must be allowed (or encouraged). I like to use the example of postal mail because when you send a letter you really have no mechanism to prevent the mail carrier from opening the letter and reading/recording the contents. We as a people decided that we did not want to allow that so we declared that someone opening a letter not addressed to them to be a violation of law.
We take things which are 'public' and put them into private via laws all the time. Someone using a telephoto lens to peer into your windows is illegal in most jurisdictions, even though you have no reason to believe that such a thing is not possible. Medical records are a BIG example as well. What's preventing your medical records from being copied and posted publicly? Nothing other than a law against such behavior.
I am not the only person who doesn't want a database to be compiled from my location data and available 24x7, so I pressure my legislators to pass laws which prohibit such collection of data. So again, expectation of privacy can be reinforced by law.
Not if you don't believe in medical care, but in general everyone gets a screening test so they know if the baby is viable or has any number of problems.
I don't know if that's true, we had to elect to get the screening done.
I usually used an ice scraper to "defrost" windshields. It's not as fun as just sitting down in your preheated car but it does work. Certainly, the usage requires me to burn some calories which requires oxygen and emits carbon dioxide, and to compensate for that I need to eat food. And what do you know, the ice scraper is made from fossil fuels. But it's still less wasteful than starting the engine of your car when you don't use it as vehicle.
Hey you know what, so do I. You know what happens if there is humidity in the air and you have a cold windshield? Your windshield will frost right back up while driving. Not exactly a smart thing to do, so I either warm up the car until the ice melts, or I scrape the ice and warm up the car until the ice can melt.
Much as I'd like to, 50 years of understanding exactly how fast 60 MPH is means I have to pause and think about a little mental conversion when I see kph
Right after I posted, I realized I should have included a 'sarcasm' tag. In my example, I made mention of someone doing 45m/s in a 50kph zone to show that even to an engineer like myself, velocities in terms of meters per second are never mentioned in 'real life'.
(That 45m/s is about 100 MPH, obviously much more than 50kph)
I'm the same as you though, I've tried switching all the gauges in my car and GPS to metric units to get me into the 'feel' of how far a kilometer is, but it's been about 6 months and so far hasn't taken.
Your body becomes immune to the virus after infection. However, there are so many variants of the virus that manifest as 'the common cold' that people average true virus induced 'colds' once per year.
Slashdot Mirror
Is it racism to be concerned that our military is using computer parts that can't (or won't) be produced at home?
A major factor in designing any system is taking careful analysis of the risks and considering the cost of avoidance/mitigation with the cost of risk realization.
Analyze the cost of the risk occuring, the likelihood of that occurance, and the overall expected cost of the risk.
Now consider how expensive it would be to mitigate that risk. If the cost of mitigation is greater than the expected cost of the risk, you are better off putting your money elsewhere. (This assumes that you have fully analyzed the risk and considered ALL costs in your evaluation.)
When it comes to computer parts, sometimes you go down the route of 'trusted foundries'. However, that is an EXPENSIVE route. You will often find that you can plan around the risk, or you might be faced with the fact that your system is just too dangerous to operate given your original CONOPS.
Rough Example:
You need a data store, but you can't be completely sure that the hardware in that data store doesn't have a backdoor that would allow remote access to the data stored in that system.
Options:
1. Build the hardware using a trusted foundry. This is expensive, slow, and often behind the latest tech.
2. Rebuild the industrial capability in your country to manufacture the hardware. This will take a while. Also, why should you trust it just because it's in your country? The only thing this helps is to ensure that you can build replacement parts. (until the factory is bombed)
BUT WAIT!
Why not reevaluate your design and see if you can mitigate this risk with some design changes?
Encrypt the data before it crosses into the domain of the suspect system rather than encrypting it in place after it enters into the domain of the system. Now you don't have to care about the potential for that aspect of the backdoor, and it cost you a hell of a lot less than sourcing from a trusted foundry.
Obviously there is a lot more that most backdoors will allow other than just pulling data. The point is that once you start getting to the point that you are strongly considering using a trusted foundry, it is critically important that you evaluate your design because there are often ways to render the threat moot in design, rather than trying to completely trust your supply chain all the way to the end user.
I once had to design a system that needed to support the same radios for 20 years. Did I enter into a contract with motorola to keep a manufacturing line up during those 20 years? Nope. I analyzed/tested to see how they would handle sitting on a shelf. Pre-purchased enough radios to handle the expected DoA/Spares/need for 20 years. Since I only needed 100 of them, that was an option. If it were 1,000,000? Well, then Motorola might have considered keeping that line open on their own dime.
The point is, understand your design, and try not to paint yourself into a corner where you NEED to care about such a situation.
Cisco engineer here. ...We don't even market ourselves ... in most cases
In otherwords, we don't except when we do.
I can appreciate applying Anti Tamper and other IA techniques to 'harden' cars, but I hope this doesn't return us to where only ''licensed' repair facilities can work on cars.
That's a bit disingenuous. You can't pick out a single stage of the process and compare that while ignoring everything else if you want an honest assessment of the efficiency.
The reason I focused on a single stage of the process is because the post I was responding to was discussing the relative waste of transmission line or truck delivery. Total system efficiency is certainly something worthy of discussion, but that wasn't the point of discussion. Everything that occurs before, and everything that occurs after is irrelevant because the point of discussion was loss during transmission.
In reality the destruction of a dam holding back that much water would wipe several cities off the map as the wave + flood took out city after city that was downstream...
I'd be surprised if a nuke could break a dam. Aren't most dams little more than wedge shaped blocks of concrete?
They press the button on the rear seat so it folds down and grants you access to the trunk?
(I have a hatchback, so it's just vacuum formed plastic on strings segregating my 'trunk' from my passenger area)
I departed from Munich for the US in 2007 and had to pass through three nearly identical security checkpoints. (basically security metal detector lines 3 times).
It was very odd, the only thing I can think of is that my terminal was nested. ie: first line was for all europe flights, second line was for international, and the third line was for US destinations. ie: had I just been going to Paris, maybe I would have only hit one line?
I contend that the core had cooled and was emitting no gases so the air 'evaporated'. I believe that our hot, steamy core is what regularly replenishes our atmosphere, and is made breathable by plankton as it bubbles up from the sea floor.
Volcanism is responsible for a great portion of our atmosphere. Early life cracked carbon dioxide and increased the oxygen content of the Earth. This early oxygen was absorbed by the surface of the Earth until it was saturated (or bound as more H2O due to reactions with the protoatmosphere). Once the crust was saturated with oxygen, you saw a very sudden spike in Oxygen content of the Earth's atmosphere once the free hydrogen was bound and the crust was saturated. The Oxygen had nowhere else to go. You can actually see this effect by looking at estimates for atmospheric oxygen content and the increases/declines/spikes.
Long story short, it's not that the atmosphere is being replenished, but without volcanism there wouldn't be enough initial atmosphere to ever really get started.
And if it produces 10,000 false positives to yield one valuable lead, how does that impact you? It's not like that turns into 10,000 knocks on 10,000 doors by 10,000 special agents. It gives them more trails to follow.
If each false positive requires 1 hour to identify as a false positive, you will have tied up 5.5 agents for an entire year in which they will have contributed exactly nothing to identifying 1 valuable lead.
You can estimate the cost of one government employee at $200k/year in actual billed cost. The result is that you will spend $1.1 million dollars for 'one valuable lead'.
You state that it gives you more trails to follow, but you don't want more trails if those are just wild goose chases. Wild goose chases are expensive, and they divert resources away from actual gainful endeavours. Every dollar you waste on a wild goose chase is also a dollar you didn't spend on timely analysis of valid leads.
You are correct that the solar wind would strip off hydrogen, but the reason it isn't stripping it isn't due to the magnetosphere alone.
Part of the reason Earth has hydrogen is because it also has oxygen. While the two elements (at least hydrogen) would be stripped by the solar wind if they remained separate, the Hydrogen is 'weighted down' by being bound in water molecules with Oxygen.
The solar wind has stripped most of the Helium from our planet's atmosphere because it is a noble gas and doesn't react with other elements. If the solar wind is already strong enough to strip off the He, it would certainly be strong enough to strip off the much lighter Hydrogen.
Old school apps, the programs we used to run on PCs automatically had access to everything that the user who ran it had access to. And that didn't seem to be a problem. People would report "spyware" and programs that did badness would be shunned.
My old school PC did not have an always-on internet connection, it did not have a GPS chip installed in it, it did not have all of my contacts packaged behind a convenient API (my contacts were handwritten in a little book) When I didn't want a program to have access to the internet, I didn't grant it access to the internet via the firewall, or I didn't even run it while the modem was connected.
If this becomes a precedent, can the police ask my house cleaner to execute a search warrant for my home?
They can't ask beforehand, but they can ask about what they saw when they come out.
My suggestion would be an introduction of laws that make theft by anyone authorised to make searches a crime that is punished much more than ordinary theft.
That already exists:
http://www.fbi.gov/about-us/investigate/civilrights/color_of_law
They can do that already.
Yes, they can. But if they access the locked compartments and I haven't given them permission, that's illegal.
Capability and legality are not always interchangeable.
And that's different from what happens to you luggage in WHAT way ?? May I remind you that you are not allowed to use locks that are not easy to open (read. useless) on your suitcase?
My car is not being loaded into the cargo hold of the aircraft.
As for locks, I could use a suitcase made of 1/4" thick steel plate, weld the damned thing shut and encase it in 2' of concrete if I choose to do so. If it's not going onto an aircraft, I can lock it however I want.
(As an aside, you CAN use locks that are not easy to open, but that may prevent them from being loaded onto the aircraft, or being loaded without the lock being damaged)
As additional info: The transmission line loss is usually much higher than 0.75%, that was the lowest number I've seen and appears to be theoretical. However, given that it is still several times larger than the loss associated with transporting gasoline a similar distance, I think it only helps reinforce my point.
Citation needed. Desperately. This doesn't jive with basic math.
What basic math are you using then?
A truck carrying 10,000 gallons of gasoline uses about 14.28 gallons to go 100 miles.
Transport loss is 0.14%
An electrical transmission line will lose about 0.75% over 100 miles at 1000MW (per http://en.wikipedia.org/wiki/Electric_power_transmission#Losses)
The energy density of gasoline is a huge factor when considering the cost of transport. The IT equivalent is the old story about the bandwidth of a stationwagon of data tapes travelling down the highway.
When dealing with transport of energy, the density matters, and chemical energy density is hard to beat.
I have trouble believing this. Can you provide a citation?
It is commonplace. Here is a quick example of people doing it at an abortion clinic.
http://abcnews.go.com/WNT/story?id=130243&page=1
Of course you won't have to pay for it. But your vehicle registration will increase to $500/yr. Just a coincidence.
I've always been !amused by the fact that I need to 'renew' a registration when no information has changed. Selling a car, buying a car, moving a car, all require me to update my registration, but as long as the VIN/Title and the person it is associated with aren't changing, the registration should persist.
I think there is a serious problem when expectations of privacy can be voided by laws which can force disclosure of private information.
If there was a law passed which said that letters could only be sent in clear plastic envelopes then you couldn't expect the contents of those letters to be private either. The real catch is that the only reason you don't have an expectation of privacy is that the law currently requires you to behave in a manner which makes privacy harder to ensure.
Of course, that is all beside the point that just because something is technically possible, doesn't mean it must be allowed (or encouraged). I like to use the example of postal mail because when you send a letter you really have no mechanism to prevent the mail carrier from opening the letter and reading/recording the contents. We as a people decided that we did not want to allow that so we declared that someone opening a letter not addressed to them to be a violation of law.
We take things which are 'public' and put them into private via laws all the time. Someone using a telephoto lens to peer into your windows is illegal in most jurisdictions, even though you have no reason to believe that such a thing is not possible. Medical records are a BIG example as well. What's preventing your medical records from being copied and posted publicly? Nothing other than a law against such behavior.
I am not the only person who doesn't want a database to be compiled from my location data and available 24x7, so I pressure my legislators to pass laws which prohibit such collection of data. So again, expectation of privacy can be reinforced by law.
You can live car-free in Philadelphia and Boston now, thanks to car sharing services.
Car-lite perhaps, but not exactly car-free.
Not if you don't believe in medical care, but in general everyone gets a screening test so they know if the baby is viable or has any number of problems.
I don't know if that's true, we had to elect to get the screening done.
I usually used an ice scraper to "defrost" windshields. It's not as fun as just sitting down in your preheated car but it does work. Certainly, the usage requires me to burn some calories which requires oxygen and emits carbon dioxide, and to compensate for that I need to eat food. And what do you know, the ice scraper is made from fossil fuels. But it's still less wasteful than starting the engine of your car when you don't use it as vehicle.
Hey you know what, so do I. You know what happens if there is humidity in the air and you have a cold windshield? Your windshield will frost right back up while driving. Not exactly a smart thing to do, so I either warm up the car until the ice melts, or I scrape the ice and warm up the car until the ice can melt.
Much as I'd like to, 50 years of understanding exactly how fast 60 MPH is means I have to pause and think about a little mental conversion when I see kph
Right after I posted, I realized I should have included a 'sarcasm' tag. In my example, I made mention of someone doing 45m/s in a 50kph zone to show that even to an engineer like myself, velocities in terms of meters per second are never mentioned in 'real life'.
(That 45m/s is about 100 MPH, obviously much more than 50kph)
I'm the same as you though, I've tried switching all the gauges in my car and GPS to metric units to get me into the 'feel' of how far a kilometer is, but it's been about 6 months and so far hasn't taken.
The common cold.
Your body becomes immune to the virus after infection. However, there are so many variants of the virus that manifest as 'the common cold' that people average true virus induced 'colds' once per year.