Feed aggregator

Risky business: Top 5 failures of US commercial space program (PHOTO, VIDEO)

RT -

Here are the top five crashes involving the aircrafts or rockets of NASA's private contractors.

Galactic’s deadly desert crash

Virgin Galactic’s SpaceShipTwo experimental rocket plane crashed on Friday in the Mohave Desert, killing one pilot.

The aircraft suffered an “in-flight anomaly” during a test flight, which led up the crash, Virgin Galactic said. The fatal flight was the aircraft’s 55th test.

Pictures of #SpaceShipTwo today. __________________________________________________________________________________ pic.twitter.com/vDyKAU8WIC

— Ryan Burke (@Ry4nBurke) October 31, 2014

In 2011, NASA chartered SpaceShipTwo for three research flights in a $4.5 million deal.

Antares engulfed in flames

On Tuesday, an Orbital Sciences Corp. Antares rocket, which was making its fifth venture into space, erupted in a massive fireball over the coast of Virginia, obliterating a Cygnus cargo ship that was on board.

READ MORE: ISS-bound rocket explodes on takeoff from NASA facility in Virginia (PHOTOS, VIDEO)

The $200 million launch was to be the third of eight planned Orbital missions to ferry gear and food to astronauts aboard the ISS. Instead, 5,000 pounds of food, supplies and scientific equipment were incinerated, undermining faith in NASA’s commercial space station resupply program.

Falcon down

On August 22, an experimental test flight of a three-engine Space X Falcon 9R rocket over McGregor, Texas, went awry. Sailing vertically into the air, the rocket veered off of its trajectory, causing the onboard safety system to issue a self-destruct command.

The rocket was subsequently swallowed by a fireball, with debris raining down over the Lone Star State. SpaceX founder and CEO Elon Musk blamed the accident on a “blocked sensor port.”

READ MORE: SpaceX rocket explodes during test flight

The firm plans to become a private taxi service for NASA, with the goal of being the first commercial company to take astronauts into space as early as 2017.

Chasing the dream

The Dream Chaser shuttle, made by Sierra Nevada Corporation of Sparks, Nevada, crashed during an unmanned free-fly test. Once released from a helicopter, the craft’s left-hand landing gear did not deploy.

Sierra Nevada Corporation of Sparks is a NASA-funded project designated to send astronauts to space.

Amazon blunder

Amazon’s hopes for a commercial space program were called into question on August 24, when an unmanned rocket manufactured by Blue Origin – a company funded by Amazon CEO Jeff Bezos – crashed during a test flight.

The aircraft lost control as it reached 1.2 times the speed of sound, forcing the test to be terminated.

Bezos’ venture recently received funding from NASA to develop aircraft to be used as space taxis for the agency.

What We Can Learn From The Adobe E-Reader Mess

EFF's Deeplinks -

Earlier this month we wrote about potential malicious behavior in Adobe's e-reader software, “Digital Editions.” There were several independent reports claiming that Adobe's software was sending back to Adobe–in the clear–a list of books read in the software. There were also independent reports that the program was sending back lists of books on an attached e-reader, even if those books had never been opened in ADE itself – in other words, collecting information not just about the book you are reading now, but your electronic library.

On the other hand, not everyone was able to replicate the all of this behavior, so we decided to run our own tests. We were able to confirm that Adobe Digital Editions 4.0.0 was sending back metadata, including the title and pages read, about books read in the software. Even more troubling, the software was sending back information about books loaded onto certain attached e-readers – contrary to Adobe's claim that it collected information solely “for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader.”

To perform these tests we ran Wireshark, an open source program that records network traffic, allowing researchers to analyze it. With Wireshark running we opened Adobe Digital Editions and performed some tasks such as adding books to the library, reading books, and deleting books. On each start of the software it would send back metadata about the previous session such as titles of books, pages read, time spent reading and more.

Data being sent to Adobe's servers. Including book title and pages read.

We were also able to reproduce the results of the experiment run by The Digital Reader. To perform these tests we again used Wireshark. We plugged a Sony Reader PRS-600 into a computer with ADE installed. When we started ADE with the reader plugged in, we observed ADE sending back data about what has been happening on the reader such as books added and deleted from the reader. Books which were never opened in Adobe Digital Editions.

We were also able to confirm that Adobe Digital Editions gets information from other e-readers that simply have Adobe software installed on them, such as the Sony Reader, Nook, and Boyue. Of course, there may be other readers that are also susceptible.

Last week, responding to criticism about these privacy violations, Adobe released a new version of their reader software. The changelog states that it has “Enhanced security for transmitting rights management and licensing validation information. With this latest version of Digital Editions 4.0.1, the data is sent to Adobe in a secure transmission (using HTTPS).”

We decided to run more tests to determine exactly what data—if any—Adobe was still collecting about reading habits. To perform these tests we used Fiddler. Fiddler is a local proxy that intercepts HTTPS traffic and allows you to decrypt it. It does this by performing a “man in the middle” attack, where it intercepts the traffic before it is encrypted, and encrypts it to a key that you control, allowing it to be decrypted.

With this test we were able to determine that Adobe is now encrypting the connections between ADE and Adobe servers. But more importantly, it appears that Adobe is no longer sending back metadata on what books you read. When we performed tests with the new version, the only time we saw data going back to an Adobe server was when an ebook with DRM was opened for the first time. This data is most likely being sent back for DRM verification purposes, and it is being sent over HTTPS. It even seems that Adobe has gone one step further and shut down plaintext HTTP access to their logging servers, so that even ADE 4.0 is no longer able to send back data about what books you are reading.

It appears the problem is solved, for now. So, what can we learn from this mess?

  1. If you make a mistake that violates your user's privacy, you must immediately and completely fix the problem. We applaud Adobe for taking action to fix the privacy problems in their Digital Editions software.
  2. Adobe has a lot more to do to restore reader trust. First, they developed and marketed a product that seriously compromised reader privacy. Second, when the flaw was exposed, they admitted one error (transmitting data in the clear) but continued to deny collecting information about reader libraries.
  3. We can't trust vendors to protect our privacy for us. We expect Adobe didn't deliberately set out to undermine our privacy – but it happened anyway, and could have continued indefinitely if the Digital Reader hadn't done a little investigating. Which leads to the final lesson:
  4. Doctorow's Law: Anytime someone puts a lock on something you own, against your wishes, and doesn't give you the key, they're not doing it for your benefit. ADE is not exactly a lock, but it collects a host of information about the reader in order to, among other things, “facilitate the implementation of different licensing models by publishers.” In other words, to assist sellers, not readers. So let us suggest a corollary to Doctorow's law: Anytime someones collect information about you, without your knowledge and against your wishes, they're not doing it for your benefit.
Related Issues: DRMReading AccessibilityDigital Books
Share this:   ||  Join EFF

How to train your doctor... to use open source

LXer -

Luis Ibanez, a fellow Opensource.com moderator, gave a talk at the All Things Open conference this year about open source in healthcare. Luis’s story was so interesting—I hope I caught all the numbers he shared—but the moral of the story is that hospitals could save insane amounts of money if they switched to an open system.

Boo! The House Majority PAC Is Watching You

Slashdot -

An anonymous reader writes I received some interesting mail this week from the House Majority PAC. First, a "voter report card" postcard telling me my voting record was "excellent" (I'm a good citizen!), but also letting me know that they "plan to update this report card after the election to see whether you voted". OK, so one of the Democratic Party's super PACs want me to vote, but it seems to be something of an attempt at intimidation. Today, I received a letter in which they really put the pressure on. Here are some excerpts: "Who you vote for is secret. But whether or not you vote is public record. Our organization monitors turnout in your neighborhood, and we are disappointed that many of your neighbors do not always exercise their right to vote." So why contact me instead of them? Voting is a civic duty, but it isn't illegal to abstain. That's my neighbors' business, not mine. It's one way of expressing dissatisfaction, isn't it? And if there are no candidates you wish to vote for, then why should you vote for someone you don't want? But Big Brother PAC has other ideas: "We will be reviewing the Camden County [NJ] official voting records after the upcoming election to determine whether you joined your neighbors who voted in 2014. If you do not vote this year, we will be interested to hear why not." The letter is signed "Joe Fox Election day Coordinator". So what happens if I don't vote? Well, at least I got a scare this Halloween. Are PACs using similar tactics in other states?

Read more of this story at Slashdot.


Subscribe to debianHELP aggregator