NASA embraces science enthusiasts with its Tweetups.

This past Thursday I had the pleasure of being invited to a tweetup at NASA Ames. For the uninitiated, a tweetup is a meetup, where those interested meet and tweet. NASA has embraced social media with a force, and offers tweetups at its various locations to encourage the public to learn more about NASA initiatives.

For 100 space nerds this was a dream come true. While I've been a fan of NASA all my life, this was a unique opportunity to interact with scientists working on Kepler, SOFIA and aeronautics. Fellow tweetup participant, Chris Hammond posted this fun, fast paced video of how to day unfolded. I've also posted photos of NASA Ames on Flickr.

NASA Ames is at the heart of the Kepler mission, NASA's project devoted to finding habitable planets. As you may have read on the QUEST blog, NASA's Kepler mission discovered its first Earth-size planet in a habitable zone, a region where liquid water could exist on a planet's surface. We heard from Natalie Batalha, deputy science team lead for the NASA Kepler mission who explained the challenges facing Kepler and the huge opportunities we may reap from such a mission.

According to Ms. Batalha, the data we are recovering from Kepler will keep scientists busy for decades as they search for habitable planets. She was careful distinguish that Kepler's mission was not about finding life, but about finding planets in ecosystems not dissimilar to our own that could hold the possibility of being habitable. The search for actual life on those planets will likely be up to a future NASA team dedicated to that purpose.

If you'd like to join a future tweetup, the best place to find information is by following @NASATweetup on Twitter. The next event is scheduled for March 19th at Goddard Space Flight Center in Maryland.

If you prefer to stay closer to the Bay Area, I would highly recommend going to see Natalie Batalha speak at San Jose State University on February 16th. You can get more information on that speaking engagement here.

37.7749295 -122.4194155

HTTPS Everywhere can help protect you while surfing the web.

Firesheep was created by Eric Butler to highlight the lack of security on many websites (including popular ones like Google, Facebook and Twitter) and strongly encourage those companies to make their sites more secure.

So what does that mean for you? We've all become accustomed to seeing a lock appear on a website when we go through the checkout process. This indicates that the website is securely transmitting your credit card data data. Similarly your bank implements HTTPS across its site because that's vital to their business. But many other companies only implement HTTPS when you're logging into a site, but not for the duration of your visit.

Often what happens is that during login a website will securely transmit your login information, but once you're logged in, your session is no longer secure. A cookie with your login information is saved on your browser so you don't need to keep logging in to browse. Every time you switch pages, that cookie information is transmitted to the web server. That's where Firesheep comes in. Firesheep steals your cookie information and allows another user to take over an account.

I spoke with Chris Palmer, director of technology for the San Francisco based Electronic Frontier Foundation about Firesheep, HTTPS and web security:

LK: Why do we need HTTPS anyhow?

CP: Because it's the best available protocol for web applications that provides any security at all. Remember, HTTPS is the bare minimum baseline for web security.

LK: If it's so vital, why haven't websites focused more on implementing HTTPS across their sites?

CP: There are several reasons.

1. If they are aware of the problem at all, web app developers continue to believe, incorrectly, that passive and/or active network attacks are difficult, expensive, and/or rare. In fact, passive and active network attacks are (and have been for some time; nevermind Firesheep) cheap, easy, and not uncommon. Therefore, developers don't realize they need to seek a solution.

2. Developers and business people incorrectly believe that "encryption is computationally expensive", and that therefore deploying HTTPS would require vastly more server resources. In fact, symmetric encryption performs on par with functions like compression that are universally understood to be affordable; web applications are I/O-bound, not CPU-bound; and most web sites pay an I/O cost far higher than necessary. Although HTTPS does incur some additional network I/O, most HTTP sites do more (or much more) network I/O than is necessary — thus, HTTPS is not the problem.

The result is that, if operators really do care about cost and performance, they can tune their sites to be faster and cheaper to run even with HTTPS.

LK: Is it technically challenging to implement HTTPS?

CP: Not inherently. However, sites that have accumulated "technical debt" may have a high cost of change. The cost is not specific to HTTPS; technically indebted software always has a high cost for ANY change. Developers who labor for 5 – 10 years under the belief that HTTP is secure will have embedded that assumption into the core of their software, and un-doing the mistake can be expensive. But again, that is not specific to HTTPS.

LK: There has recently been talk of Blacksheep, a browser plugin that alerts users when someone on the same network is using Firesheep. Does this offer protection from Firesheep?

CP: No.

LK: Eric Butler, the creator of Firesheep, has opened a can of worms. Is this his fault?

CP: The worms were already legion and crawling around all over the place. Firesheep merely grabs some of the already-present worms and puts them in your cereal. The real problem is that site operators have chosen to pass on the risk of using the Internet to their users, by not deploying a minimum standard of safety engineering. We users, security experts, and security activists should make maximum use of the Firesheep brouhaha to pressure site operators to meet the minimum safety standard.

Actually using Firesheep on non-consenting people is of course unethical, but I would not put the blame for such misuse on the Firesheep developers.

LK: What can we do to protect ourselves while surfing the web on open Wi-Fi networks?

CP: HTTPS Everywhere attempts to make maximal use of HTTPS for some sites that make HTTPS service available, and the latest release also secures the cookies for some sites. However, be aware that HTTPS Everywhere is necessarily limited; basically it is working in spite of site operators who have chosen not to deploy HTTPS correctly or completely.

This is why EFF, Access Now, and others urge people to contact site operators and demand HTTPS service. I would hold GitHub.com up as an example of how operators should respond to the news that HTTP is unsafe.

37.7749295 -122.4194155

Are you using Twitter or other social media as a way to promote progressive causes like energy efficiency? What do you think about mandatory home energy audits or line drying clothes versus machine drying? Source image: Tina Keller

Now I get my information mostly off the Internet and through Twitter, the social media service that is in the news because of its use by the opposition parties in Iran. Twitter is like snail mail cubed. You send messages from your computer or smart phone that immediately show up on the computers or phones of all your "followers." You get followers generally by following others. It's kind of an unwritten rule that if someone is following you should return the favor. So far I am following about 30 people or groups and have 11 followers. But I just started.

I am following Energy Circle, a new Internet resource that is using social media to report news about home energy efficiency on Twitter. A recent "tweet" connected me to an article by Peggy in Toronto who thinks that mandatory home inspections should be replaced with mandatory energy audits upon the time of sale of a home. Advanced Energy's Research Director Melissa Malkin-Weber, tweeted "Energy saving smugness nixes scratchiness of air dried sheets. But don't ask my kids about how those stiff cloth diapers felt."

I agree with Peggie and Melissa. But what do you think about mandatory home energy audits or line drying clothes versus machine drying? Are you using social media as a way to promote progressive causes like energy efficiency? You can respond below, and your response needn't be limited, like "tweets" are, to 140 characters. Or sign up for a Twitter account and join the conversation at KQED Science!

37.8686 -122.267