Slashdot Mirror


User: grandpa-geek

grandpa-geek's activity in the archive.


Comments · 160

  1. This method will not pick up many issues on Statistical Tools For Detecting Electoral Fraud · · Score: 2

    For example, there is very strong evidence that Scott Brown reached the US Senate as a result of election fraud. Details are in http://electiondefensealliance.org/files/BelieveIt_OrNot_100904.pdf That analysis compared the results in machine count jurisdictions and hand count jurisdictions. The usual disparity between hand count and machine count results (based on prior elections) runs around 0.25%. Coakley led in hand count jurisdictions by 2% and Brown in machine count jurisdictions by 5%. That is a 7% disparity. It also turns out that the company operating the machine counts was Republican-connected, and that the ballots were neither saved nor sampled to validate the accuracy of the machine counts. There are numerous ways to tamper with a machine count of paper ballots, especially in a two-person special election.

    The method published in the subject paper could not pick up this kind of election fraud.

  2. Re:Consistent availability is the issue on How Viable Is Large Scale Wind Energy? · · Score: 2

    One major potential source of battery backup is electric vehicles. Even after their batteries are no longer usable in the cars (about 75% of capacity) they can be used as backup for wind and solar. That also requires either the vehicles or the charging stations to include inverters that can feed power to the grid.

    Geographic diversity can do some mitigation of wind variability, but storage is better. Not all storage needs to be in batteries. For example, compressed air and flywheels are other storage technologies that can also help.

    The distribution infrastructure needs to be rebuilt, but that is not what would transfer power over larger regions. The transmission infrastructure does that job. One study a few years ago estimated a need for about 10K miles of new 500KV transmission to handle a wind penetration of around 20% to 30%.

    Also, there is a need for much more detailed and more statistically-focused weather forecasting to support wind production forecasting. That is needed to help manage a system with high wind penetration.

  3. Re:Complexity of the vote is different on Election Tech: In Canada, They Actually Count the Votes · · Score: 1

    In addition to the number of offices and questions on the ballot, US elections can be complicated by multi-seat offices (e.g., there are five council seats, they run "at large," and you vote for five candidates out of whatever number are running; the top five win). In Canada and many other countries, there is one office and a number of competing candidates. They can put the ballots in piles and count the piles. You can't do that with a multi-seat office, and it gets difficult when there are multiple offices on the ballot.

    The number of offices and questions can be large. Where I live, in a presidential year there may be around a dozen or more offices and questions on the ballot. In an "off-year" (mainly local) election there may be 20 or 30 offices and questions, including at least 3 or 4 that are multi-seat.

  4. Re:Mandatory already for electric power on White House Circulating Draft of Executive Order On Cybersecurity · · Score: 1

    Some problems do remain. FERC and NERC only control the Bulk Electric System. The state PUC's regulate the distribution system, and few PUCs have the capability for overseeing cybersecurity. Second, there is huge pushback on NERC when they try to tighten the CIP standards. The prime example is the continued existence of the scope exclusion for non-routable protocols. They are just as vulnerable as routable protocols, but if they were made in scope asset owners would have more work to do to protect them or might actually need to replace their legacy equipment. So, the exclusion hangs on revision after revision. Finally, even if the asset owner is serious about cybersecurity, their vendor might not be willing to get serious and might prefer to peddle half-vast capabilities.

  5. Mandatory already for electric power on White House Circulating Draft of Executive Order On Cybersecurity · · Score: 2

    For the high voltage part of the electric grid there are already mandatory standards. They are part of the reliability standards mandated by a 2005 law and are produced by an industry consensus standards organization. However, upon acceptance by the Federal Energy Regulatory Commission (FERC) they become mandatory with maximum penalties of a million dollars a day per violation.

    The early versions of the standards mainly required asset owners to attend to cybersecurity by identifying critical assets and making and following plans to protect them. The early violations were not having the plans and not updating them. Some asset owners tried to say they didn't have any critical assets. Over the years provisions have tightened (like defining what kinds of assets are critical and requiring that the plans not only be prepared but actually followed).

    The asset owners have some legitimate concerns. For example, if the standards give discretion to auditors in reviewing the quality of their cybersecurity protections, they are worried about auditors who don't really understand the technology, see an actually inapplicable "best practice" somewhere and downrate the cybersecurity protections if the practice isn't followed. For example, the general practice in IT is to routinely install vendor patches. However, the proper practice in electric grid control systems is to individually test the patches to ensure that they don't cause system instability or equipment misoperation. You don't routinely install vendor patches if your job is to keep the lights on.

    Mandating of cybersecurity has to be done carefully with sensitivity and attention to details in the application domain. But it does need to be done.

  6. Is this about the Iranians or the Republicans? on Iran Universities To Ban Women From 77 Fields of Study · · Score: 3, Funny

    I didn't recognize Todd Akin as being an Iranian name, but the nature of the thinking seems about the same.

  7. Re:Pro Move, Romney on Romney Taps Wisconsin Congressman Paul Ryan As Running Mate · · Score: 1

    "...since Jefferson put in the Alien and Sedition acts more than 200 years ago".

    It was Adams who put in the Alien and Sedition Acts and Jefferson who ended them.

  8. I can squash it down to install Linux on What's Keeping You On XP? · · Score: 1

    On a machine with XP pre-installed, you can squash it down to about 20% of the drive to install Linux on the remainder. With later versions of Windows, you can't go below about 50%. All of my machines are dual boot XP and Linux.

  9. Re:New? Hardly. on "Space Archeology" Uncovers Lost Pyramids · · Score: 1

    The Bible is compiled from a variety of materials. Some do indeed provide as accurate a description of events as is possible, given that parts of the material likely represent oral traditions handed down and later committed to writing. Of course, all history is written from a perspective and all documents, ancient and modern, are written for a purpose that may not have historical accuracy as a major priority.

    Some parts of the Bible are legal and ethical in nature, others are writings regarded as having philosophical or historical merit. However, regardless of the nature of the material, there are nuggets of historical content found in numerous places.

  10. Re:New? Hardly. on "Space Archeology" Uncovers Lost Pyramids · · Score: 1

    There is very good evidence that the Israelites were in Egypt. Many of their names are Egyptian. There are also Egyptian descriptions of the plagues and of the destruction of pharaoh's army. See http://jbq.jewishbible.org/assets/Uploads/363/363_dayenufinal.pdf for details.

  11. Re:New? Hardly. on "Space Archeology" Uncovers Lost Pyramids · · Score: 2

    There have been other discoveries of significance. For example, Israeli scientists used satellite imagery to find a canal that figures in the story of the Exodus. The canal runs from Lake Balah to Lake Timsah, and was probably built as a military earthwork. According to the scientists, the south end of Lake Timsah qualifies today for the name "Yam Suf" (Sea of Reeds, the place name often erroneously translated as "Red Sea") and the place where pharaoh's army was destroyed is Pi Hachirot, literally "mouth of the canal."

  12. It is equally bad (or worse) for standards on Copyright Law Is Killing Science · · Score: 1

    Most standards are written by volunteers who (or whose companies) even pay for their travel to meetings. All standards are copyright, and except for a few SDOs such as the IETF, most have to be purchased. SDOs, including professional societies, use sales of standards to support their central staffs. For IEC standards, even the volunteers who prepare them are expected to buy the final copies (the draft standards are marked as being only for the purpose of preparing comments). A single user set of the first five Smart Grid standards referred for action by FERC under the law creating the Smart Grid, all IEC standards, costs about $10K. That does not include the numerous normative references cited in the standards that also have to be purchased to fully understand the details. This creates a barrier to potential users even finding out what is in the standards to determine if they are worth using.

  13. Re:The 50/60 Hz split once caused a major blackout on Legacy From the 1800s Leaves Tokyo In the Dark · · Score: 1

    Reactive power isn't imaginary, except in its mathematical representation. It is really due to the charging and discharging of lines and other reactances.

  14. The 50/60 Hz split once caused a major blackout on Legacy From the 1800s Leaves Tokyo In the Dark · · Score: 2

    The 50/60 Hz split posed a problem for air conditioner manufacturers in Japan. Their solution was frequency-converting air conditioners that would work on either 50 Hz or 60 Hz. When they were first being installed it was not noticed that their characteristics over their range of operating voltages were not the same as conventional air conditioners.

    The problem became clear on a hot summer day in the late 1980's. TEPCO was importing power to the Tokyo area from nuclear plants a considerable distance away. Long distance transmission of electricity requires reactive power to maintain voltage at the receiving end. The frequency-converting air conditioners increased the need for reactive power in the Tokyo area.

    In early afternoon, TEPCO ran out of reactive power and the voltage collapsed, causing a major blackout. It was the first major blackout that happened without some kind of event such as a lightning strike or a piece of equipment failing.

  15. This proposal is based on tech-challenged idiocy on Is an Internet Kill Switch Feasible In the US? · · Score: 1

    This bill was motivated by a CNN program where some technology-challenged lawyers tried to play techies on TV. The program was based on a preposterous scenario in which a viral, malicious cell phone app took down the Internet and went on to take down the power grid. It would require a huge level of stupidity, incompetence, and neglect among both techies and management in multiple industries for anything like that scenario to happen. In addition, the cell phone app itself would need to make Stuxnet look like child's play.

    The organizer of the CNN program was a former Homeland Security secretary who ordered a phoney attack on a piece of equipment to be able to put a video on CNN showing the equipment physically destroying itself. The attack did not involve actual cyber penetration, only taking some actions well-known to destroy equipment. It was a publicity stunt to get attention and funding from Congress.

    Cybersecurity laws need to be based on more than tech-challenged lawyers' solutions to science fiction scenarios from the minds of other tech-challenged lawyers.

  16. Research has always had problems on Why Published Research Findings Are Often False · · Score: 2

    First, science has always had a political aspect. Publication reviewers are always biased by conventional wisdom among their scientific peers, and they will become critical of any submitted paper that strays from that view. A lot of careers are based on following the conventional wisdom, and threats to those careers are met with political responses.

    Second, the quest for statistical significance is based on serious misunderstanding of statistics among scientists. It has been so for decades. Publication editors are thoroughly ignorant of statistics if they demand statistical significance at the .95 or .99 levels as a condition of acceptance.

    Results that are statistically significant may or may not be clinically significant. Both factors must be considered.

    Significance levels are based on one model of statistical inference. There are other models, although those have been subjected to politics within the mathematical/statistical community. Although Bayesian statistics are now accepted (and form a critical basis in theories of signal processing, radar, and other technologies) they were rejected by the statistical community for many years. The rejection was almost completely political, because the concepts challenged the conventional wisdom.

    The basic scientific method is not a problem. The major problem is the factors in publication acceptance and the related biases and pressures to adhere to the conventional wisdom. Rejection of papers based on politics or on ignorance of statistical methods is outside the scientific method and needs to be rooted out.

  17. Geomagnetic storms and the power grid on Solar Storms Could Bring Northern Lights South · · Score: 1

    Geomagnetic storms cause DC ground currents in power grid transformers. The currents magnetically saturate the transformer cores and result in both overheating of the power system equipment and power quality problems that affect end user equipment. In the last round of geomagnetic storms (late 1980's to early 1990's) power grid transformers were damaged as far south as New Jersey. One fix discussed at that time was to switch nonlinear resistors into the transformer ground connections to limit the DC currents.

    Another problem that accompanies the geomagnetic storms is disruption of wireline communications that is used for SCADA connections between field devices and control centers. Thus, just as the control centers most need to know what is happening in substations, they are blinded by the same conditions that are causing damage to the substation equipment. Transition from wireline to fiber optics can mitigate that issue.

    Geomagnetic storms are a serious threat to grid reliability. Early warning is important (e.g., through satellite monitoring of solar activity), as are steps to mitigate the effects and prevent damage to equipment.

  18. This statement should also go to US authorities on OSI Refers Novell Patent Deal To Authorities · · Score: 1

    The statement that OSI sent to the German authorities should also go to the US Justice Department Antitrust Division and to the Federal Trade Commission. The placement of OSS-relevant patents in the hands of OSS opponents creates a serious concern.

  19. Re:We need multifuel vehicles on Once-Darling Ethanol Losing Friends In High Places · · Score: 1

    Multifuel vehicles run on gasoline, ethanol, methanol, and other fuels. Brazil has them. They don't cost much more than our vehicles (I think the difference is about $35).

    The problem here is that by going 'multifuel' you lose a significant amount of efficiency on any one of the fuels. There may be a way around it, but I don't think it would be 'automatic'. You'd have to twist a knob or switch a lever to say "I've got dead hippies in my tank" or "I've got carrot oil in my tank".

    My understanding is that the $35 is mainly for an automatic sensor and related programming that adjust operation of the engine. You only get the energy content of the fuel, but the engine adjusts to optimize its efficiency. We could have had this years ago, but the oil companies pressured the automobile manufacturers not to include it here. It is a common feature in Brazil.

  20. We need multifuel vehicles on Once-Darling Ethanol Losing Friends In High Places · · Score: 1

    Multifuel vehicles run on gasoline, ethanol, methanol, and other fuels. Brazil has them. They don't cost much more than our vehicles (I think the difference is about $35).

    Alternative fuels based on algae include both oil and ethanol. The oil gets squeezed out and the remainder is fermented into ethanol.

    We will need it when the price of petroleum oil skyrockets, which it is expected to do in the next few years -- permanently, due to peak oil and the disappearance of the excess capacity in the oil industry (supply over demand).

    The DoD JOE report expects the problem to start in 2012 and get bad by 2015. The report is the Joint Operating Environment report found at www.jfcom.mil/newslink/storyarchive/2010/JOE_2010_o.pdf

    Also, in slide 8 of the presentation at www.competecoalition.com/files/PHEV-Conf...sentation_Toyota.pdf there is a curve showing the price of gasoline skyrocketing in about 2015 because of the disappearance of excess oil capacity.

  21. Re:We already had it. Called X.25 on If the FCC Had Regulated the Internet From the Start · · Score: 1

    The government was moving to require the OSI stack. The standards were called Government OSI Profile (GOSIP) and the Industry/Government Open System Specification (IGOSS). The standards would have cost thousands of dollars, not be freely downloadable as the IETF standards are. X.25 was a possible part of it, although there were OSI standards for the network layers as well. One additional problem was that there was no guarantee that after adoption the standards would work. The IETF, at least formally, requires that the standards be demonstrated to work and be interoperable in different implementations before they can be adopted. There were three OSI Implementers' Workshops in different parts of the world (one of which met at NIST) that surfaced implementation problems, adopted implementers' agreements, and recommended changes in the standards to make them work.

    The difference was -- yes -- Al Gore. He was Clinton's Vice President and had years of association with the leaders of the IETF and had been following the technology of the Internet Protocol Suite (a.k.a. TCP/IP). When the Clinton Administration came in, they killed GOSIP and IGOSS, eliminated funding for the NIST OIW, and encouraged use of TCP/IP. The Internet took off, and the rest is history.

  22. The FCC rules are close to the IEEE-USA position on Is Net Neutrality Really Needed? · · Score: 1

    The rules adopted by the FCC are very close to the position recently approved by IEEE-USA and prepared by the IEEE-USA Committee on Communications Policy. The position can be found at http://www.ieeeusa.org/policy/positions/NetworkTrafficManagementNov10.pdf The position is on Network Traffic Management and not on "net neutrality".

    From a white paper that preceded the position statement (http://www.ieeeusa.org/volunteers/committees/ccp/docs/NTM-whitepaper.pdf), there are multiple ways to define net neutrality. One is to say "a bit is a bit". That is neutrality across applications, but is not technically accurate. A bit in file downloading has different quality-of-service requirements than a bit in streaming video. The alternative definition is to say that ISP's should be able to manage their networks for quality-of-service to different applications, but not to discriminate between users having similar applications, especially based on commercial considerations and side deals. That is neutrality across users running the same kinds of applications.

    The IEEE-USA position is that quality-of-service should be stated and transparent. Higher QOS could be priced differently by ISP's. However, the parameters of QOS are well known (bandwidth, packet loss, latency, jitter, and availability/uptime) and users can figure out what they need for their applications. ISP's should be held to their stated QOS levels and should not be allowed to discriminate against content, applications, or services within a given QOS level.

    That is substantially what the FCC decided yesterday and it is the proper policy.

  23. A possible security control for home networks on Database of Private SSL Keys Published · · Score: 1

    A possible security control for home networks would be to disconnect from the public network when you are doing administrative work on the router. Then unless the attacker has already placed a sniffer on the home network, the encrypted login credentials would not be visible from the public network while the administrative work was being done.

    If the work involves the public network, perhaps the approach would be to disconnect during the login process and reconnect afterward. That might not prevent the attacker from viewing the activity with the public network but would prevent disclosure of the router credentials. Of course this might leave the attacker visibility into the transactions between the modem and the public network.

  24. Re:The C compiler backdoor actually happened on Hiding Backdoors In Hardware · · Score: 1

    I once met a former colleague of theirs at a trade show. He told me that they had actually put the backdoor into the C compiler. They had been receiving calls at all hours from executives who demanded that systems be fixed ASAP but did not know the root login information. The backdoor set up a predefined root account whenever compiling a program named "login". It enabled them to get in and do the fixes without needing to contact the system administrators.

    Wouldn't that have required also that the compiler be setuid root to enable it to modify the root entry for the password file?

    The change had nothing to do with the password file. The predefined account was inserted by the compiler binary into the compiled login binary. Its existence was known only to the people who programmed the compiler and produced the distributed compiler binary.

  25. The C compiler backdoor actually happened on Hiding Backdoors In Hardware · · Score: 1

    I once met a former colleague of theirs at a trade show. He told me that they had actually put the backdoor into the C compiler. They had been receiving calls at all hours from executives who demanded that systems be fixed ASAP but did not know the root login information. The backdoor set up a predefined root account whenever compiling a program named "login". It enabled them to get in and do the fixes without needing to contact the system administrators.