Toquop Nevada Coal Site

What are the long term impacts of sucking 814 gallons of deep aquifer water from Nevada’s Desert, putting 6 million tons of carbon dioxide and range of other pollutants and toxics into the air and ground all to generate 750 MW of power yearly for non-Nevada residents? And what about the opportunities for solar and wind are dismissed by such a misguided decision?

Read what one retired research scientist has to say.

Operating System Security Questioned

System engineers should pause before asserting that Linux operating systems are more secure then Microsoft.

Richard Ford, a computer science professor at the Florida Institute of Technology, Fabien Casteran, and Herbert Thompson, both of

Security Innovations, in a Microsoft-funded report, have concluded that companies face greater risks if they run their Web sites on Linux

rather than Windows Server 2003, a Microsoft-funded study has concluded.

In a paper released on March 22, 2005, the authors suggest that Web servers based on Windows Server 2003 had fewer flaws to fix than

those based on Red Hat Enterprise Linux ES 3 in a standard open-source configurationarchers said in a paper released on Tuesday.

Further, they indicate that the Microsoft-based Web server had far fewer "days of risk"--a measure of the number of days that each

vulnerability is known, but unpatched--than the open-source rival.

"All this study can do is give people pause, to say they shouldn't go with common wisdom over which platform has more security," said

Herbert Thompson. The common belief is that Linux is more secure that Windows.

However, Mark Cox, the leader of Red Hat's security response team differs.  "We believe there to be inaccuracies," he wrote about the

recent study in a blog posted to the software company's Web site on Tuesday. He said that the study did not separate "critical"

vulnerabilities from less serious ones, a comparison that would favor Red Hat.

For the study, researchers counted the fixes published for flaws in each Web server setup in 2004. In addition, they tallied days of risk,

the cumulative number of days between the time information on a flaw is publicly released and the time the software developer patches

that vulnerability.

A server using Red Hat Enterprise Linux ES 3 had more than 12,000 days of risk, while a Microsoft configuration had about 1,600, they

said.

As for flaws, a Red Hat-based Web server with open-source Apache Web server software, MySQL database and the PHP scripting

language had to deal with 174 holes in its default configuration, the study found. A Web server based on Microsoft Server 2003, Internet

Information Server 6, Microsoft SQL Server 2000 and ASP.Net had 52 vulnerabilities in the default configuration.

The researchers also studied Red Hat and Windows Web servers in minimal configurations, taking out of consideration applications that

are not needed for serving Web pages. Even in that case, Microsoft still handily beat Red Hat, with only 52 flaws, compared with 132 for

the Linux software.

Red Hat's Cox countered the findings in his blog posting. "There were only eight flaws in Red Hat Enterprise Linux 3 that would be

classed as 'critical' by either the Microsoft or the Red Hat severity scales," he wrote. "Of those, three-quarters were fixed in a day, and the

average was eight days."

Critical flaws are generally those that allow an attacker to remotely take control of a computer system. The study did break vulnerabilities
down into "high," "medium" and "low" severity ratings. Flaws graded as high severity include Red Hat and Microsoft's critical

classifications and flaws that allow local users to gain access to system functions. Microsoft had far fewer high-severity flaws in both the

default and minimal configurations, according to the paper.

Microsoft did fund the study, the researchers acknowledged. The software giant released a statement indicating that the report was part

of Microsoft's "Get the Facts" campaign aimed at highlighting the benefits of Windows software.

"When Security Innovations submitted a proposal to Microsoft to research ways to measure vendor software security, we evaluated the

proposal and determined that this type of analysis would be useful for our customers and funded their research," the company said in the

statement. "We encourage customers to review and evaluate the data in the context of their own computing environments."

"The methodology was designed to allow others to validate it for themselves--it has to be quantitative and repeatable," Thompson said.

"We didn't just want to hand people the cake; we wanted to give them a recipe as well."

While both days of risk and vulnerability counts aren't true measures of security, Thompson said that they wanted to focus on a metric

that mattered to system administrators. The cumulative time they had to wait for patches is a reasonable measure, he argued.

Thompson admitted, however, that security largely depends on the expertise of the administrator. "I think either (operating system) is

infinitely securable by a skilled Jedi administrator," Thompson said. "If I have a Linux guru, then I want that guy to do the Linux web

server. I am more of a Window guru, so I would use Windows."

NOAA Scientists Warn

Congratulations to the NOAA scientists at the Pacific Tsunami Warning Center in Hawaii who went to work within minutes of getting a seismic signal that an earthquake occurred off the west coast of Northern Sumatra, Indonesia.

NOAA issued a bulletin indicating no threat of a tsunami to Hawaii, the West Coast of North America or to other coasts in the Pacific Basin—the area served by the existing tsunami warning system established by the Pacific rim countries and operated by NOAA in Hawaii.

Scientists then began an effort to notify countries about the possibility that a tsunami may have been triggered by the massive 9.0 undersea earthquake.

Unfortunately, the Pacific Basin tsunami warning system did not detect a tsunami in the Indian Ocean since there are no buoys in place there. Even without a way to detect whether a tsunami had formed in the Indian Ocean, NOAA officials tried to get the message out to other nations not a part of its Pacific warning system to alert them of the possibility of a tsunami. However, the tsunami raced across the ocean at speeds up to 500 mph. Below is the timeline of agency's actions once the undersea earthquake was detected by the NOAA Pacific Tsunami Warning Center in Hawaii.

(All times listed below are Hawaii Standard Time or HST.)

At 2:59 p.m. Hawaii Standard Time (HST) on Christmas Day a large earthquake occurred in the Indian Ocean near Sumatra, Indonesia.

At 3:07 p.m. the resulting seismic signals received at the NOAA Pacific Tsunami Warning Center (PTWC) from stations in Australia triggered an alarm that alerted watchstanders.

At 3:10 p.m. PTWC issued a message to other observatories in the Pacific with its preliminary earthquake parameters.

At 3:14 p.m. PTWC issued a bulletin providing information on the earthquake and stating there was no tsunami threat to the Pacific nations that participate in the Tsunami Warning System in the Pacific (ITSU). These member nations are part of the UNESCO Intergovernmental Oceanographic Commission (IOC) and the International Coordination Group for the Tsunami Warning System in the Pacific (ICG/ITSU). India, Sri Lanka and the Maldives are not part of the Pacific system.

At 4:04 p.m. PTWC issued bulletin No. 2 revising the earthquake magnitude to 8.5. That bulletin stated no tsunami threat to the Pacific but identified the possibility of a tsunami near the epicenter. No additional information regarding the formation of a tsunami was available.

At approximately 4:30 p.m. HST PTWC attempted to contact the Australia Met Service with no luck but were successful in contacting Australia Emergency Management. They confirmed they were aware of the earthquake.

At approximately 5:30 p.m. Internet newswire reports of casualties in Sri Lanka provided PTWC with the first indications of the existence of a destructive tsunami. Indications are that the tsunami had already struck the entire area by this time, although we have not been able to obtain arrival times.

At approximately 5:45 p.m., armed with knowledge of a tsunami, PTWC contacted the U.S. Pacific Command (PACOM) in Hawaii.

At approximately 5:45 p.m., PTWC received a call from a Sri Lanka Navy Commander inquiring about the potential for further tsunami waves from aftershocks.

At approximately 6:00 p.m. the U.S. Ambassador in Sri Lanka called PTWC to set up a notification system in case of big aftershock. He said they would contact Sri Lanka Prime Minister's office for such notifications.

Continuing news reports gave increasing and more widespread casualties.

At approximately 7:25 p.m. the first reading from the Australian National Tidal Center gauge at Cocos Island west of Australia gave a reading of 0.5m crest-to-trough.

At 7:25 p.m. the Harvard University Seismology Department reported its preliminary Centroid Moment Tensor solution that indicated a magnitude of 8.9.

At approximately 7:45 p.m. PTWC contacted the Australia Bureau of Meteorology and advised them about the increased earthquake magnitude and the 0.5m reading at Cocos Island, as well as the possibility of a destructive tsunami impact on Australia's west coasts.

At approximately 8:00 p.m. PTWC re-contacted PACOM to advise of increased earthquake magnitude and potential for further tsunami impacts in the western Indian Ocean.

At approximately 8:15 p.m. Australia Bureau of Met called PTWC to advise they had issued an alert to their west coast.

At approximately 8:20 p.m. NOAA National Weather Service Pacific Region director contacted PTWC to report PACOM said no tsunami was observed at Diego Garcia in the Pacific.

At approximately 10:15 p.m. PTWC spoke with U.S. State Department Operations and advised them about the potential threat to Madagascar and Africa. They set up a conference call with the U.S. embassies at Madagascar and Mauritius, and PTWC advised them of the situation.

At 5:36 a.m. on December 27 PTWC issued a third Tsunami Information Bulletin for this event informing the Pacific that small sea level fluctuations from the Indian Ocean tsunami were being observed in the Pacific, probably from energy that wrapped around south of Australia.

The Pacific Warning System
Pacific warning network is comprised of (1) hundreds of seismic stations worldwide; (2) coastal tide gauges and sophisticated Deep-ocean Assessment and Reporting of Tsunamis (DART) buoys in the Pacific Basin capable of detecting a centimeter's difference in ocean height.

However, it is important to note that without similar gauges and buoys in the Indian Ocean PTWC officers were not in a position to detect a tsunami there.

NOAA's Responsibility to the International Community
The U.S. has demonstrated the effectiveness of its warning system within the Pacific region. It has also demonstrated that the warning system can provide initial earthquake information to other nations and is most willing to share that information with all concerned. With national dissemination and water level networks in place, NOAA’s information can be used to mitigate future disasters.

It is also important to recognize that tsunamis can come ashore within minutes of nearby earthquakes. In those instances, people must know what to do in the event of a "felt" earthquake in low lying coastal areas.

The need for a tsunami warning program outside the Pacific region has been raised since 1985 with little result. It now appears that there is new interest in this issue within the international ICG/ITSU community. The U.S. strongly supports such an effort.

Furthermore, the development of the Global Earth Observing System of Systems (GEOSS) led by the United States, Japan, South Africa and the European Commission—with 53 nations currently participating at the ministerial level—should help fill the sensor gap for other regions of the world. Two key focus areas of the GEOSS initiative are addressing "reducing loss of life and property due to disasters" and "monitoring our oceans."

NOAA is dedicated to enhancing economic security and national safety through the prediction and research of weather and climate-related events and providing environmental stewardship of the nation’s coastal and marine resources. NOAA is part of the U.S. Department of Commerce.