Technology will, by itself, degrade

Sunday, January 12th, 2020

I didn’t recognize Jonathan Blow by name — he’s the “indie” game designer behind Braid, which I haven’t played, but which I have mentioned — but he recently gave a speech about a topic that interests me, Preventing the Collapse of Civilization:

He presents the key point fifteen minutes in:

This is why technology degrades. It takes a lot of energy to communicate from generation to generation, there are losses.

Nikita Prokopov summarizes it this way:

The software crisis is systemic and generational. Say, the first generation works on thing X. After X is done and becomes popular, time passes and the next generation of programmers comes and works on Y, based on X. They do not need to know, exactly, how X is built, why it was built that way, or how to write an alternative X from scratch. They are not lesser people or lazier, they just have no real need to write X2 since X already exists and allows them to solve more pressing tasks.

The biggest a-ha moment of the talk was that if you are working on Y and Y is based on X, that does not imply automatically that you would know X also. Even if the people who build X are still around, knowledge does not spread automatically and, without actual necessity, it will go away with the people who originally possessed it.

This is counter-intuitive: most people would think that if we’ve built, for example, a space ship or a complex airplane in the past, we could build it again at any time. But no, if we weren’t building a particular plane uninterruptedly, then after just 50 years it is already easier to develop a new one from scratch rather than trying to revive old processes and documentation. Knowledge does not automatically transfer to the next generation.

In programming, we are developing abstractions at an alarming rate. When enough of those are stacked, it becomes impossible to figure out or control what’s going on down the stack. This is where my contribution begins: I believe I have found some pretty vivid examples of how the ladder of abstractions has started to fall and nobody can do anything about it now because we all are used to work only at the very tip of it.

I still think a good general education would teach how to rebuild civilization. (I haven’t read my copy of How to Invent Everything: A Survival Guide for the Stranded Time Traveler yet, but it looks promising.)

It doesn’t collect data on how hard body parts are hitting the ground or other players

Friday, December 27th, 2019

Amazon-analyzed big data may not be enough to predict injuries in the NFL :

The Amazon Web Services partnership will try to close the gap with league-level data from the NFL’s Next Gen Stats, which capture location data, speed, and acceleration for every player on the field hundreds of times a minute through microchips in their pads. It also includes video footage of games, information on playing surface and environmental factors, and anonymized player injury data, according to the NFL. It doesn’t collect data on how hard body parts are hitting the ground or other players, which is one limitation, Binney says. But it can see, with granular detail, how and at what speed a player ran a play, changed direction, or made a tackle. The goal is to find out if any common elements of football are more likely than others to lead to any injury.

This stat caught my eye:

Currently, the injury count per game is holding steady at an average of six or seven.


It’d be hard to imagine a more powerful asset for criminals

Thursday, December 26th, 2019

Wes Siler’s friend Joe had his MacBook and iPad stolen from the back of a locked car over Thanksgiving:

So far, so normal, right? Well, the thieves only broke the small window immediately adjacent to where his devices were hidden and only took the backpack containing them. Police told him it was likely they’d used a Bluetooth scanner to target his car and even located exactly where his devices were before breaking into it.

When he texted me about what happened, I turned to Google to see what a Bluetooth scanner was and immediately found dozens of smartphone apps. The first one I downloaded didn’t just show me the signal strengths it detected, it also listed the specific types of devices and even displayed pictures of them—you know, for easy identification. Using signal strength as a distance meter, I found the phone my fiancée misplaced before she went to work. Another app displayed a live list of the devices commuters had in their cars while driving past my house. These apps are free and take no technical know-how or experience whatsoever to use. While they aren’t designed specifically to aid thieves (developers need tools like these when designing Bluetooth accessories), it’d be hard to imagine a more powerful asset for criminals.

A Tesla valve allows a fluid to flow preferentially in one direction, without moving parts

Wednesday, December 18th, 2019

In 1920, Nikola Tesla was awarded U.S. Patent 1,329,559 for his valvular conduit, or Tesla valve, which allows a fluid to flow preferentially in one direction, without moving parts:

That’s a goofy sounding scheme

Wednesday, December 18th, 2019

Jerry Pournelle closes There Will Be War Volume II with a discussion of the strategic dilemma facing the United States, where any defensive measure reduces the stability of Mutual Assured Destruction:

Civil Defense structures were originally planned as part of the Interstate Highway System. There were to be fallout and partial blast shelters under most of the approach ramps. This would have been easy to do as part of the construction, and a few model shelters were actually built as a demonstration.


The Triad is composed of manned bombers, submarine launched ballistic missiles (SLBM), and land-based intercontinental ballistic missiles (ICBM). Prior to the ICBM leg we had Snark, an air-breathing pilotless aircraft capable of flying intercontinental distances—an early “cruise missile.”

Each leg, then, depends on a different mechanism for survival. The manned bomber is very soft; it can be killed on the ground by nukes landing a long way off. It depends for early survival on warning: unlike the other two legs of the Triad, the manned bombers can be launched at an early stage of alert and still be recalled.


(I helped work on updates to the B-52 as my first aerospace job.)


One USAF colonel recently described a B-52 as “a mass of parts flying in loose formation.”


Even if the bombers can penetrate, they’re not useful for fighting a nuclear war. You can’t send the bombers to attack Soviet missile bases; there’d be nothing to hit but empty holes by the time a subsonic bomber got to the target.


Cruise missiles can be an excellent supplement to the strategic force, but they are certainly not a potential leg of the Triad. They are vulnerable to everything that kills airplanes (on the ground or in the air) without the recall advantages of manned aircraft.

The second leg of the Triad is the submarine. Its survival depends entirely on concealment. If you can locate a submarine to within a few miles, it can be killed by an ICBM carrying an H-bomb.


Note, by the way, that all the subs in harbor — up to a third of them, sometimes more — are dead the day the war starts.


Unfortunately, the submarine’s concealment isn’t what it used to be. Subs can be located in at least two ways. First, by tracking them from their bases; every submariner can tell you stories about playing tag with the Russkis when they leave Holy Loch.

Worse, though, the oceans aren’t nearly so opaque as we thought. Not long ago we took a look at some radar pictures made from a satellite. “Look at that,” one of the engineers said. “You can see stuff down in the ocean! Deep in the ocean.” And sure enough, using “synthetic aperture” radars, the oceans have become somewhat transparent down to about fifty meters. While the subs can go deeper than that, they can’t launch from deeper than that.


Incidentally, as I write this, a Soviet naval surveillance satellite is about to fall. It carried a 100 kilowatt nuclear power plant. The United States has yet to put a ten kilowatt satellite into orbit.


Submarines have to launch their missiles from unpredictable places (by definition; imagine what the KGB would pay to find out where our subs would launch from), and this drastically limits their accuracy.


Suppose one morning the Soviets knock out our Minutemen installations (not too difficult, as we’ll see in a bit) and many of our subs. They still have quite a few birds left. The Red Army is marching into Germany. The hot line chatters, and the message is pretty simple: “You haven’t really been hurt. Most of your cities are in good shape. Cool it, or we launch the rest of our force.”

At that point it would be useful to have something capable of knocking out the rest of their strategic force.

To have that capability, you need land-based missiles. To be exact, you need MX. MX, and only MX, has both the accuracy and the Multiple Independently Targetable Re-entry Vehicles (MIRVS, and they’re different from multiple warheads; MIRVS can attack targets much farther apart) that might give some counterforce capability.


If you attack a target with an ICBM, your “single shot probability of kill” (PKSS) depends on three major factors: attacker’s yield, attacker’s accuracy, and hardness of target.


While there are classified refinements, all the numbers you really need have long since been published in the US Government Printing Office’s “The Effects of Nuclear Weapons”. They’ve even been put on a circular slide rule that the RAND Corporation used to sell for about a dollar in the 60’s.


The Minutemen Missile lies in a soil that’s officially hardened to 300 PSI. When we put in Minutemen—the last one was installed in the 60’s—it was no bad guess that the Soviets could throw a megaton with a CEP of about a nautical mile. This gave them a PKSS of about .09, and it would take more than 20 warheads to give better than .9 kill probability. That was obviously a stable situation.[...]Going to ten megatons puts the PKSS to about 35%, and it still takes more than five attackers to get a 90% chance of killing one Minuteman; still not a lot to worry about.

Changes in accuracy, on the other hand, are very significant. Cutting the CEP in half (well, to 2700 feet) gives one megaton the same kill probability as ten had for a mile. Cutting CEP to 1000 feet is more drastic yet: now the single shot kill probability of one megaton is above 90%.

If you can get your accuracy to 600 feet CEP, then a 500 kiloton weapon has above 99% kill probability. Now all you need is multiple warheads, and you’re able to knock out more birds than you launched. Clearly this is getting unstable.

In 1964 we figured the Soviets had 6000 foot CEP, and predicted that by 1975 they’d have 600 feet. By 1975 I’d given up my clearances, and I don’t know what they achieved.


Item: weather satellites; winds over target are predictable, so you can correct for them. Item: lots of polar-orbiting satellites; by studying them, you can map gravitational anomalies. Item: observation satellites; location errors just aren’t significant any more. Item: the Soviets have been buying gyros, precision lathes, etc., as well as computers. They already had the mathematicians.


Two: in the 60’s we studied lots and lots of mobile basing schemes: road mobile, rail mobile, off-road mobile, canal and barge mobile, ship mobile, etc. We even looked at artificial ponds, and things that crawled around on the bottom of Lake Michigan. There were a lot of people in favor of mobile systems — then. Now, though, there are satellites, and you know, it’s just damned hard to hide something seventy feet long and weighing 190,000 pounds. (Actually, by the time you add the launcher, it’s more like 200 feet and 500,000 pounds.)


Worse, you can’t harden a mobile system very much. Even a “small” ICBM rocket is a pretty big object. Twenty PSI would probably be more than we could achieve. The kill radius of a 50 megaton weapon against a 20 PSI target is very large: area bombardment becomes attractive.


And nearly every mobile basing scheme puts nukes out where they have to be protected from terrorists and saboteurs including well-meaning US citizens aroused in protest (and you just know there’ll be plenty of them).

Air-mobile and air-launched were long-term favorites, and I was much for them in the 60’s. The Pentagon’s most recent analysis says we just can’t afford them; it would cost in the order of $150 billion, possibly more.


In fact, every alternative you’ve ever heard of, and a few you haven’t, were analyzed in great detail back in 1964. I know, because I was editor of the final report. I even invented one scheme myself, Citadel, which would put some birds as well as a national command post under a granite mountain. The problem with that one is that the birds will survive, but if they attack the doors, how does it get out after the attack?


First try the obvious: harden your birds. In 1964 we called it “Superhard,” 5000 PSI basing. Now 5000 PSI isn’t easy to come by. There are severe engineering problems, and it isn’t cheap. Worse, “Superhard” didn’t buy all that much: at 500 foot CEP’s a megaton has a 95% chance of killing “superhard” targets. (A megaton weapon makes a crater 250 feet deep and over a thousand feet in diameter even in hard rock.) Thus putting MX in 5000 PSI silos separated by miles didn’t seem worth the cost.


Just about every honest analyst who takes the trouble to work through the numbers comes away muttering “That’s a goofy sounding scheme, but damned if it doesn’t look like it might work…”


Use the space environment and our lead in high technology to construct missile defenses. They won’t be perfect, but they won’t need to be: the enemy can’t know how good our defenses are. Thus he can’t be sure of the outcome of his strike.


Whether space research pays for itself fifteen times over, as space enthusiasts say, or only twice over, as its critics say, nearly everyone is agreed that it does pay for itself — which is more than you can say for most other parts of the budget.

If we fail to provide for the common defense, it does no good to promote the general welfare.

The Americans should have looked up

Friday, December 13th, 2019

In Ghost Fleet, the Chinese “Directorate” — the replacement for the Communist Party — uses a manned space station armed with lasers to take out satellites:

The chemical oxygen iodine laser, or COIL, design had originally been developed by the U.S. Air Force in the late 1970s. It had even been flown on a converted 747 jumbo jet15 so the laser’s ability to shoot down missiles in midair could be tested. But the Americans had ultimately decided that using chemicals in enclosed spaces to power lasers was too dangerous.


The Directorate saw it differently. Two modules away from the crew, a toxic mix of hydrogen peroxide and potassium hydroxide was being blended with gaseous chlorine and molecular iodine.


There was no turning back once the chemicals had been mixed and the excited oxygen began to transfer its energy to the weapon. They would have forty-five minutes to act and then the power would be spent.


For years, military planners had fretted about antisatellite threats from ground-launched missiles, because that was how both the Americans and the Soviets had intended to take down each other’s satellite networks during the Cold War.

More recently, the Directorate had fed this fear by developing its own antisatellite missiles and then alternating between missile tests and arms-control negotiations that went nowhere, keeping the focus on the weapons based below. The Americans should have looked up.


A quiet hum pervaded the module. No crash of cannon or screams of death. Only the steady purr of a pump signified that the station was now at war.

The first target was WGS-4,16 a U.S. Air Force wideband gapfiller satellite. Shaped like a box with two solar wings, the 3,400-kilogram satellite had entered space in 2012 on top of a Delta 4 rocket launched from Cape Canaveral.

Costing over three hundred million dollars, the satellite offered the U.S. military and its allies 4.875 GHz of instantaneous switchable bandwidth, allowing it to move massive amounts of data. Through it ran the communications for everything from U.S. Air Force satellites to U.S. Navy submarines. It was also a primary node for the U.S. Space Command. The Pentagon had planned to put up a whole constellation of these satellites to make the network less vulnerable to attack, but contractor cost overruns had kept the number down to just six.

The space station’s chemical-powered laser fired a burst of energy that, if it were visible light instead of infrared, would have been a hundred thousand times brighter than the sun. Five hundred and twenty kilometers away, the first burst hit the satellite with a power roughly equivalent to a welding torch’s. It melted a hole in WGS-4’s external atmospheric shielding and then burned into its electronic guts.

Chang watched as Huan clicked open a red pen and made a line on the wall next to him, much like a World War I ace decorating his biplane to mark a kill. The scripted moment had been ordered from below, a key scene for the documentary that would be made of the operation, a triumph that would be watched by billions.


Originally known as the X-37,17 USA-226 was the U.S. military’s unmanned space plane. About an eighth the size of the old space shuttle, the tiny plane was used by the American government in much the same way the shuttle had been, to carry out various chores and repair jobs in space. It could rendezvous with satellites and refuel them, replace failed solar arrays using a robotic arm, and perform many other satellite-upkeep tasks.

But the Tiangong’s crew, and the rest of the world’s militaries, knew the U.S. military also used USA-226 as a space-going spy plane. It repeatedly flew over the same spots at the same altitude, notably the height typically used by military surveillance satellites: Pakistan for several weeks at a time, then Yemen and Kenya, and, more recently, the Siberian border.

With its primary control communications link via the WGS-4 satellite now lost, the tiny American space plane shifted into autonomous mode, its computers searching in vain for other guidance signals. In this interim period, USA-226’s protocol was to cease acceleration and execute a standard orbit to avoid collisions. In effect, the robotic space plane stopped for its own safety, making it an easy target.

The taikonauts moved on down the list: the U.S. Geosynchronous Space Situational Awareness system was next. These were satellites that watched other satellites. The Americans’ communications were now down, but once these satellites were taken out, the United States would be blind in space even if it proved able to bring its networks back online.

After that was the mere five satellites that made up the U.S. military’s Mobile User Objective System, akin to a global cellular phone provider for the military. Five pulses took out the narrowband communications network that linked all the American military’s aerial and maritime platforms, ground vehicles, and dismounted soldiers.

Then came the U.S. Navy’s Ultra High Frequency Follow-On (UFO) system,19 which linked all of its ships.

It was almost anticlimactic, the onboard targeting system moving the taikonauts through the attack’s algorithm step by step, slowing down only when a cluster of satellites sharing a common altitude needed to be dispatched one by one.

The last to be “serviced,” as Huan dryly put it, was a charged-particle detector satellite. The joint NASA and Energy Department system had been launched a few years after the Fukushima nuclear plant disaster as a way to detect radiation emissions. A volley of laser fire from Tiangong-3 exploded its fuel source.


On the other side of the Earth, discarded booster rockets were coming to life after months of dormancy. The boosters turned kamikazes advanced on collision courses with nearby American government and commercial communications and imaging satellites. The American ground controllers helplessly watched the chaos overhead, unable to maneuver their precious assets out of the way.

The Pi 4 is acting as a WiFi jammer on itself

Friday, December 13th, 2019

Making upgrades to a popular product line sounds like a good idea:

In the Raspberry Pi world, it seems that the “upgraded engine” in the Pi 4 is causing the WiFi to stop working under specific circumstances.

[Enrico Zini] noticed this issue and attempted to reproduce exactly what was causing the WiFi to drop out, and after testing various Pi 4 boards, power supplies, operating system version, and a plethora of other variables, the cause was isolated to the screen resolution. Apparently at the 2560×1440 setting using HDMI, the WiFi drops out. While you could think that an SoC might not be able to handle a high resolution, WiFi, and everything else this tiny computer has to do at once. But the actual cause seems to be a little more interesting than a simple system resources issue.

[Mike Walters] on a Twitter post about this issue probed around with a HackRF and discovered a radio frequency issue. It turns out that at this screen resolution, the Pi 4 emits some RF noise which is exactly in the range of WiFi channel 1. It seems that the Pi 4 is acting as a WiFi jammer on itself.

Once it was deployed, it offered inspiration for anyone, including one’s enemies

Thursday, December 12th, 2019

Early in Ghost Fleet, the DIA — “it was something like the CIA, but for the U.S. military” — get compromised:

Neither of them noticed the other, but as she passed the landscaper, his tablet recognized the RFID chips embedded in Allison’s security badge. A localized wireless network formed for exactly 0.03 seconds. In that instant, the malware hidden in the video packet from Caracas made its jump.


The idea of using covert radio signals to ride malware into a network unconnected to the wider Internet had actually been pioneered by the NSA, one of the DIA’s sister agencies. But like all virtual weapons, once it was deployed in the open cyberworld, it offered inspiration for anyone, including one’s enemies.


And bit by bit, the malware worked its way into the various subnetworks that linked via the Defense Department’s SIPRNet classified network.


The initial penetrations didn’t raise any alarms among the automated computer network defenses, always on the lookout for anomalies. At each stop, all the packet did was link with what appeared to the defenses as nonexecutables, harmless inert files, which they were, until the malware rearranged them into something new. Each of the systems had been air-gapped, isolated from the Internet to prevent hackers from infiltrating them. The problem with high walls, though, was that someone could use an unsuspecting gardener to tunnel underneath them.

The Battlestar Galactica remake seems oddly prescient in its emphasis on cyber-warfare vulnerabilities.

Goodyear Inflatoplane

Monday, December 9th, 2019

Designed and built in 12 weeks in 1956, the Goodyear Inflatoplane could be dropped in a hardened container behind enemy lines:

The 44 cubic ft (1.25 cubic meter) container could also be transported by truck, jeep trailer or aircraft. The inflatable surface of this aircraft was actually a sandwich of two rubber-type materials connected by a mesh of nylon threads, forming an I-beam. When the nylon was exposed to air, it absorbed and repelled water as it stiffened, giving the aircraft its shape and rigidity.

Goodyear AO-3 Inflatoplane in air

Structural integrity was retained in flight with forced air being continually circulated by the aircraft’s motor. This continuous pressure supply enabled the aircraft to have a degree of puncture resilience, the testing of airmat showing that it could be punctured by up to six .30 calibre bullets and retain pressure.

It didn’t go through

Friday, November 22nd, 2019

I was not expecting Tesla’s new “cybertruck” to look like this:

“As processing power grows,” Paul Graham quipped, “future versions of the cybertruck will have more curved lines.”

Crowther wanted to connect better with his daughters

Thursday, November 21st, 2019

Fenton Wood recently mentioned that his latest novel includes a labyrinth chapter “incorporating classical myths, video game lore,” etc. I asked if it featured “a maze of twisty little passages, all alike” — one of the memorable bits from Colossal Cave Adventure:

Will Crowther was a programmer at Bolt, Beranek & Newman (BBN), and helped to develop the ARPANET (a forerunner of the Internet). Crowther and his wife Pat were experienced cavers, having previously helped to create vector map surveys of the Mammoth Cave in Kentucky in the early 1970s for the Cave Research Foundation. In addition, Crowther enjoyed playing the tabletop role-playing game Dungeons & Dragons with a regular group which included Eric S. Roberts and Dave Lebling, one of the future founders of Infocom.

Following his divorce from Pat in 1975, Crowther wanted to connect better with his daughters and decided a computerized simulation of his cave explorations with elements of his role-playing games would help. He created a means by which the game could be controlled through natural language input so that it would be “a thing that gave you the illusion anyway that you’d typed in English commands and it did what you said”. Crowther later commented that this approach allowed the game to appeal to both non-programmers and programmers alike, as in the latter case, it gave programmers a challenge of how to make “an obstinate system” perform in a manner they wanted it to.

Developed over 1975 and 1976, Crowther’s original game consisted of about 700 lines of FORTRAN code, with about another 700 lines of data, written for BBN’s PDP-10 timesharing computer. The data included text for 78 map locations (66 actual rooms and 12 navigation messages), 193 vocabulary words, travel tables, and miscellaneous messages.

A vortex of smart-cam clips, Nextdoor rants, and cellphone surveillance

Thursday, November 7th, 2019

I don’t think this Atlantic piece on “porch pirates” in San Francisco is meant as an ad for Ring video doorbells (and Nest cams, too), but it achieves that goal nonetheless:

It was only about nine months later, in May 2017, when one of Fairley’s neighbors plastered photos of her, “Wanted”-style, on Nextdoor, that Fairley realized things were about to get worse. Nextdoor is an online ticker tape of homeowner and tenant concerns, and the grievances can be particularly telling in a city of Dickensian extremes like San Francisco, whose influx of tech wealth is pitting suburban expectations against urban realities. The city’s property-crime rate is among the highest in the United States. Nextdoor posts about dogs slurping from a public drinking fountain and Whole Foods overcharging again (“Be on guard”) show up alongside reports of smash-and-grab car break-ins, slashed tires, and an entire crime subgenre of “porch pirates,” the Artful Dodgers of the Amazon age.

Fairley and her neighbor do not agree — will likely never agree — on what happened in the minutes prior to the photos of Fairley going up on Nextdoor. Fairley has sworn that the boxes she picked up were from down the street, where they had been laid out for the taking, and that her 6-year-old daughter was helping to haul them to their home in the public housing down the block.

Julie Margett, a nurse who lives on the street, in a purple cottage with a rainbow gay-pride flag and a black lives matter sign in the window, said she was leaving her garage and spotted Fairley coming down her neighbor’s stairs carrying boxes with various addresses on them. Surmising that they were stolen, she asked Fairley warily, in her British accent, “What are you doing?”

Fairley called her a racist (in fact, she still does) and told her she was in the middle of moving. “That was what was so disarming about her,” Margett told me. “Before you know it, she’s torn you to shreds and she’s off down the block.” Margett snapped photos of the mother-daughter haul act — in one, the young girl sticks her tongue out at the camera — and, after calling the police, uploaded them into a Nextdoor post: “Package thieves.”

So, Fairley told me two years later, sitting in an orange sweatsuit in a county-jail interview room, that was the real acceleration of the epic feud of Fairley v. Neighbors of Potrero Hill, a vortex of smart-cam clips, Nextdoor rants, and cellphone surveillance that would tug at the complexities of race and class relations in a liberal, gentrifying city. The clash would also expose a fraught debate about who is responsible, and who is to blame, for the city’s increasingly unlivable conditions. As Fairley says, “It just got bigger and bigger and bigger.”

Parts of potrero hill feel like the sort of charmed place where Amazon deliveries could sit undisturbed on your stoop. The hill’s western ridge, overlooking the city, is filled with cozy bungalows and Victorian houses that once were affordable for San Francisco’s working and artistic classes but have appreciated during the tech rush; now most of them sell for well over $1 million. The public hospital where Fairley was born is now named after Mark Zuckerberg.

Meanwhile, the hill’s eastern and southern flanks are still lined with decrepit 1940s-era bunkers of public housing between patches of scruffy grass and concrete patios. The unhoused have set up camp around the neighborhood too, the city’s homeless population having spiked 30 percent in the past two years. This sometimes has led to hostile and politically divisive clashes, like when a luxury auction house at the foot of Potrero turned its sprinklers on the tents clustered outdoors in 2016. (The auction house claimed that the sprinklers were meant to clean the building and sidewalks, and were “not intended to disrespect the homeless.”)

Go anywhere and land anywhere quickly and quietly

Saturday, October 12th, 2019

Kitty Hawk’s HVSD — or Heaviside, after renowned physicist and electrical engineer Oliver Heaviside — is an electric aircraft designed to go anywhere and land anywhere quickly and quietly:

The aircraft is 100 times quieter than a helicopter, the pair said. And it’s faster. Thrun says HVSD, which has a range of about 100 miles, can travel from San Jose to San Francisco in 15 minutes. The aircraft can be flown autonomously or manually, but even then most of the tasks of flying are handled by the computer, not the human.

Moments after walking around HVSD, the decibel meter, still in Thrun’s grasp, gets put to work. A helicopter that is stationed about 150 feet from where we’re standing is fired up. After two minutes, the helicopter lifts off, its whop-whop-whop lingering even as the craft is more than 600 feet in the air and begins its circular flight path around the testing area. The meter pops above 85 decibels and stays there for several minutes. The decibels go beyond 88 decibels at landing.

Later, after the helicopter lands and the engine slowly winds down, the test turns to HVSD.

An engineer, who is standing in an open air tower, brings HVSD suddenly to life. Unlike a helicopter, the HVSD starts and lifts off in just seconds. There is sound as it lifts off — hitting about 80 decibels — but what’s striking is the brevity. The take-off sound lasts fewer than 10 seconds. As HVSD gains altitude and then circles above us, the only sound is a few engineers and technicians talking nearby.

Once Thrun quiets the crew, the noise falls below 40 decibels, which is what a typical, quiet residential neighborhood registers at. HVSD is nearby at about 600 feet of altitude, but it is barely audible as it circles above us. An office with an air conditioning running might be about 50 decibels, Thrun says for comparison.

“The calculus here is that this has to be socially acceptable for people,” Thrun says. “There’s a reason why helicopters are not: they’re for rich people and they’re noisy.”

(Hat tip to Hans G. Schantz, whose Hidden Truth novels feature Heaviside.)

It wasn’t a 100 percent honest honest mistake

Sunday, October 6th, 2019

Boeing’s MCAS (the Maneuvering Characteristics Augmentation System) was an honest mistake, but the secrecy shrouding the program’s very existence told you it wasn’t a 100 percent honest honest mistake:

According to Rick Ludtke, a former Boeing employee, Boeing agreed to rebate Southwest $1 million for every MAX it bought, if the FAA required level-D simulator training for the carrier’s pilots.


Simulator training for Southwest’s 9,000 pilots would have been a pain, but hardly ruinous; aviation industry analyst Kit Darby said it would cost about $2,000 a head. It was also unlikely: The FAA had three levels of “differences” training that wouldn’t have necessarily required simulators. But the No Sim Edict would haunt the program; it basically required any change significant enough for designers to worry about to be concealed, suppressed, or relegated to a footnote that would then be redacted from the final version of the MAX. And that was a predicament, because for every other airline buying the MAX, the selling point was a major difference from the last generation of 737: unprecedented fuel efficiency in line with the new Airbus A320neo.

The MAX and the Neo derived their fuel efficiency from the same source: massive “LEAP” engines manufactured by CFM, a 50-50 joint venture of GE and the French conglomerate Safran. The engines’ fans were 20 inches — or just over 40 percent larger in diameter than the original 737 Pratt & Whitneys, and the engines themselves weighed in at approximately 6,120 pounds, about twice the weight of the original engines. The planes were also considerably longer, heavier, and wider of wingspan. What they couldn’t be, without redesigning the landing gear and really jeopardizing the grandfathered FAA certification, was taller, and that was a problem. The engines were too big to tuck into their original spot underneath the wings, so engineers mounted them slightly forward, just in front of the wings.

This alteration created a shift in the plane’s center of gravity pronounced enough that it raised a red flag when the MAX was still just a model plane about the size of an eagle, running tests in a wind tunnel. The model kept botching certain extreme maneuvers, because the plane’s new aerodynamic profile was dragging its tail down and causing its nose to pitch up. So the engineers devised a software fix called MCAS, which pushed the nose down in response to an obscure set of circumstances in conjunction with the “speed trim system,” which Boeing had devised in the 1980s to smooth takeoffs. Once the 737 MAX materialized as a real-life plane about four years later, however, test pilots discovered new realms in which the plane was more stall-prone than its predecessors. So Boeing modified MCAS to turn down the nose of the plane whenever an angle-of-attack (AOA) sensor detected a stall, regardless of the speed. That involved giving the system more power and removing a safeguard, but not, in any formal or genuine way, running its modifications by the FAA, which might have had reservations with two critical traits of the revamped system: Firstly, that there are two AOA sensors on a 737, but only one, fatefully, was programmed to trigger MCAS. The former Boeing engineer Ludtke and an anonymous whistle-blower interviewed by 60 Minutes Australia both have a simple explanation for this: Any program coded to take data from both sensors would have had to account for the possibility the sensors might disagree with each other and devise a contingency for reconciling the mixed signals. Whatever that contingency, it would have involved some kind of cockpit alert, which would in turn have required additional training — probably not level-D training, but no one wanted to risk that. So the system was programmed to turn the nose down at the feedback of a single (and somewhat flimsy) sensor. And, for still unknown and truly mysterious reasons, it was programmed to nosedive again five seconds later, and again five seconds after that, over and over ad literal nauseam.

Can we solve this by building trustworthy systems out of untrustworthy parts?

Wednesday, October 2nd, 2019

The United States government’s continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general, Bruce Schneier points out:

We have no choice but to trust them completely, and it’s impossible to verify that they’re trustworthy. Solving this problem ­ which is increasingly a national security issue ­ will require us to both make major policy changes and invent new technologies.

The Huawei problem is simple to explain. The company is based in China and subject to the rules and dictates of the Chinese government. The government could require Huawei to install back doors into the 5G routers it sells abroad, allowing the government to eavesdrop on communications or — even worse — take control of the routers during wartime. Since the United States will rely on those routers for all of its communications, we become vulnerable by building our 5G backbone on Huawei equipment.

It’s obvious that we can’t trust computer equipment from a country we don’t trust, but the problem is much more pervasive than that. The computers and smartphones you use are not built in the United States. Their chips aren’t made in the United States. The engineers who design and program them come from over a hundred countries. Thousands of people have the opportunity, acting alone, to slip a back door into the final product.

There’s more. Open-source software packages are increasingly targeted by groups installing back doors. Fake apps in the Google Play store illustrate vulnerabilities in our software distribution systems. The NotPetya worm was distributed by a fraudulent update to a popular Ukranian accounting package, illustrating vulnerabilities in our update systems. Hardware chips can be back-doored at the point of fabrication, even if the design is secure. The National Security Agency exploited the shipping process to subvert Cisco routers intended for the Syrian telephone company. The overall problem is that of supply-chain security, because every part of the supply chain can be attacked.

Can we solve this by building trustworthy systems out of untrustworthy parts?

It sounds ridiculous on its face, but the internet itself was a solution to a similar problem: a reliable network built out of unreliable parts. This was the result of decades of research. That research continues today, and it’s how we can have highly resilient distributed systems like Google’s network even though none of the individual components are particularly good. It’s also the philosophy behind much of the cybersecurity industry today: systems watching one another, looking for vulnerabilities and signs of attack.

Security is a lot harder than reliability. We don’t even really know how to build secure systems out of secure parts, let alone out of parts and processes that we can’t trust and that are almost certainly being subverted by governments and criminals around the world. Current security technologies are nowhere near good enough, though, to defend against these increasingly sophisticated attacks. So while this is an important part of the solution, and something we need to focus research on, it’s not going to solve our near-term problems.

At the same time, all of these problems are getting worse as computers and networks become more critical to personal and national security. The value of 5G isn’t for you to watch videos faster; it’s for things talking to things without bothering you. These things — cars, appliances, power plants, smart cities — increasingly affect the world in a direct physical manner. They’re increasingly autonomous, using A.I. and other technologies to make decisions without human intervention. The risk from Chinese back doors into our networks and computers isn’t that their government will listen in on our conversations; it’s that they’ll turn the power off or make all the cars crash into one another.

All of this doesn’t leave us with many options for today’s supply-chain problems. We still have to presume a dirty network — as well as back-doored computers and phones — and we can clean up only a fraction of the vulnerabilities.