Russia’s War On 99942 Apophis

Back in 2004 I mentioned 99942 Apophis, a near-Earth asteroid that was calculated to have a 1 in 37 (2.7%) chance of hitting Earth in 2029. That was subsequently ruled a non-existent risk; however, if it passed through a gravitational keyhole in 2029 it would have a 1 in 250,000 chance in 2036 or 1 in 12.3 million in 2037. Most of us have other terrestrial things to worry about. There’s also a chance something else from the heavens is on a collision course and we just don’t see it. We only monitor a tiny portion of the sky.

Russia however sounds like it may want to make an attempt to divert the course of this asteroid in 2029. If that idea sounds familiar from somewhere, you’re right. It’s the plot for Armageddon. Bruce Willis might be a little too old for the job by 2029 though.

Unless the trajectory data in 2029 substantially changes the odds, it seems like it would be a bad idea to even attempt something like this. The odds of a human failure would likely be higher than the risk of the asteroid without human meddling. Being prepared may not be such a bad idea, however; odds are we’d be able to reuse the technology, as an impact is inevitable given enough time.

Philip Plait, Ph.D. of Bad Astronomy mentions this specific asteroid and the idea of moving or blowing it up in Death From The Skies. The movies are bogus, it’s not easy. Density and composition of the asteroid are important. It may just be a giant chunk of iron, or a “garbage pile” of rock.

Security Through Obscurity TSA/GSM Edition

It’s impossible to write code these days without having to study security to some extent. The byproduct of this is that since digital security concepts are based largely on real life, you see the obvious gaps in real life “security”. The quotes are intentional because many/most attempts only provide the feeling of security as opposed to real security.

“Security through obscurity” is perhaps one of the most insane of ideas. The principle being that if the implementation is kept secret the entire application is secure (emphasis on if). If it’s compromised, then you’re in trouble.

TSA “Security”

Books have been written about how poor the TSA is at security. Bruce Schneier is likely one of the best when it comes to pointing out the silly practices and how little it actually does for actual security.

The latest security directive was sent to thousands of individuals at airlines around the world. Needless to say it was leaked (imagine that). Of course the TSA wasn’t thrilled about that. What this does show is that the TSA is simply hoping any potential terrorist is too dumb to do something original. See Bruce Schneier’s piece linked above which draws the same conclusion.

The fake boarding pass scheme is another great example.

Millimeter wave scanners (those full body scanners) haven’t even been 100% implemented yet and have been defeated. Al Qaeda has already figured out that they could mimic drug smugglers and place bombs in certain body cavities. A CT scan would detect that but a full body CT scan is too much radiation and too slow for routine use. No sane person would use a CT scan for security. You would certainly kill more than you would save. That means a complimentary prostate exam or “bend and spread” (limited success in prison) is pretty much the only solution. Of course surgical implantation would defeat that as well.

Edit 1/1/2010 @ 3:00 PM EST: The TSA has apparently realized how pointless its legal efforts were and has withdrawn its subpoena.

GSMA “Security”

GSMA (GSM Association) are the folks behind GSM A5/1 encryption used in the majority of phones worldwide which is supposed to keep your calls secure and safe from prying ears. Karsten Nohl figured out how it can be broken. It’s noteworthy that this is an 18-year-old standard from days when computing power was much more limited. It’s also noteworthy that most governments and criminals have likely figured this stuff out already (they just aren’t sharing). The GSMA response:

“What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”

Mike Masnick at TechDirt decoded the PR speak:

… First, claiming it’s “theoretically possible, but practically unlikely” means that it’s very, very possible and quite likely. To then say that no one else had broken the code since its adoption fifteen years ago is almost certainly false. What she means is that no one else who’s broken the code has gone public with it — probably because it’s much more lucrative keeping that info to themselves…

Wikipedia has a rundown of the security of A5/1.

The Death Of Duke Nukem Forever

Way back in 2006 I blogged about all the things that took less time than Duke Nukem Forever. A running joke in the technology industry as a whole has been how long the mythical game has taken to develop. Wars have started and ended in less time than they spent on the game. Take World War II for example.

Now that it’s effectively a dead project, Wired has an excellent article on the death of Duke Nukem Forever. It’s a very worthwhile read if you have any interest in technology, business, gaming, or just succeeding in anything. Among the takeaways:

  • Having seemingly unlimited money can be a curse more than a blessing. Being on a budget forces discipline that’s necessary regardless of budget.
  • Always have milestones and deadlines.
  • Always have an end-game.
  • Once you pick your platform, stick with it until you release a product unless it’s impossible to do so.
  • Check your ego.

I suspect at the end it’s now come down to an IP grab and they are really just trying to get the name, which is likely worth more than all the years of software development in the project. That however doesn’t take away from how poorly managed things were.

Web Development has a notable difference in that it never really “ships”. So there’s no end-game unless you’re handing off the project/code. It’s an iterative process. That however still leaves milestones that need to be met.

Hopefully someone will salvage what’s left and release the game. However that would only be a good thing if it’s done right. Too often these situations end up with a half-baked half-salvaged Frankenstein of a product.

Christmas Economics

Jeff Walden linked to a great paper: The Deadweight Loss of Christmas by Joel Waldfogel. Given the economy, this several-year-old paper is extremely relevant and interesting. Something to keep in mind when merchants report their holiday sales statistics.

I remember a discussion on this in college (likely an economics class). It’s a slight misnomer that Christmas is an economic stimulus in the way people think it is.


Festivus Time

It’s that time of year again. Time to put up the Festivus pole, enjoy your Festivus Dinner, participate in the Airing of Grievances and finally participate in the Feats of Strength should you be chosen.

The particular episode in question is Season 9 Episode 166 “The Strike”.

If you make a donation, I suggest “The Human Fund”.

Adventures With document.documentElement.firstChild

Here’s an interesting DOM test-case I ran across inadvertently yesterday.

For the purpose of this post assume the following markup:

<!DOCTYPE html>
<html>
<!-- i broke the dom -->
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>Testcase</title>
</head>
<body>
<p>Something</p>
</body>
</html>

If I use document.documentElement.firstChild I don’t get consistent behavior. In Firefox and IE I get the <head/> element, which is what I was initially expecting. In WebKit (Safari/Chrome) and Opera, I get the HTML comment, which I wasn’t.
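An added example, not part of the original post: a lookup that does not depend on whether the parser keeps the comment before <head>. The helper names and the two sample trees are constructed for illustration; the trees only model the two child-list shapes described above so the code runs without a browser.

```javascript
// Node type constants as defined by the DOM specification.
const ELEMENT_NODE = 1;
const COMMENT_NODE = 8;

// Return the first child that is an element, skipping comments and any
// other non-element nodes. Works on anything exposing childNodes/nodeType.
function firstElementChildOf(node) {
  const kids = node.childNodes || [];
  for (let i = 0; i < kids.length; i++) {
    if (kids[i].nodeType === ELEMENT_NODE) return kids[i];
  }
  return null;
}

// Return the direct child element with the given tag name (case-insensitive),
// so the result does not depend on child order at all.
function childByTagName(node, name) {
  const wanted = name.toUpperCase();
  const kids = node.childNodes || [];
  for (let i = 0; i < kids.length; i++) {
    const k = kids[i];
    if (k.nodeType === ELEMENT_NODE && k.nodeName.toUpperCase() === wanted) {
      return k;
    }
  }
  return null;
}

// Constructed stand-ins for DOM nodes (hypothetical helpers, not a real DOM).
function el(name, children) {
  return { nodeType: ELEMENT_NODE, nodeName: name, childNodes: children || [] };
}
function comment(data) {
  return { nodeType: COMMENT_NODE, nodeName: '#comment', data: data, childNodes: [] };
}

// Shape 1: the comment is kept as the first child of <html>.
const commentKept = el('HTML', [comment(' i broke the dom '), el('HEAD'), el('BODY')]);
// Shape 2: <head> is the first child of <html>.
const commentDropped = el('HTML', [el('HEAD'), el('BODY')]);
```

In a browser, pass document.documentElement as the node; document.getElementsByTagName('head')[0] is another order-independent way to reach the same element.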
