Author Topic: SpaceX F9 / Dragon 2 : CRS2 SpX-21 - Mission Updates : Dec - Jan (2020/21)  (Read 188605 times)

Offline Vettedrmr

Just curious about some things from the NASA livestream of the CRS-21 docking. 

You make some interesting assumptions, mainly that the windows that are monitoring the docking progress can do anything more than just that, monitor.  You also assume that this isn't just a mirror workstation that is sending a full screen share from a control room monitor.

In either case, why would you be concerned about someone getting some kind of sensitive information from a public access livestream?  I'm pretty confident neither SpaceX nor NASA are concerned about security breaches nor ITAR releases from a public access event.
Aviation/space enthusiast, retired control system SW engineer, doesn't know anything!

Offline ace5

The total mass of the ISS now is reportedly at 996,828 lbs; do we have the on-orbit weight of the Cargo Dragon before docking?

Online Targeteer

Vestibule pressurization started 1729Z.  I am surprised the crew didn't have a later wake up call today.  All the Dragon ingress activities are occurring after the evening DPC, the normal end of their crew duty day...
Best quote heard during an inspection, "I was unaware that I was the only one who was aware."

Online LouScheffer

About to break post-Shuttle ISS mass record
Who keeps mass records in pounds?  This is an embarrassment to all engineers and scientists.

NASA PAO does, to communicate with the US general public, which uses pounds.
One of NASA's jobs, in my opinion, should be to help educate the interested, not to talk only to the most parochial among them.  How hard would it be to say ISS set a new mass record of 452,154 kg (996,828 lbs)?

Online FutureSpaceTourist

Just released NASA pre-launch photos of Dragon trunk and internal payload

Online cohberg

Just released NASA pre-launch photos of Dragon trunk and internal payload

Looks like all powered lockers are up top unlike D1. The 4 that are staying onboard are tucked into the shelf on the left and right I'd imagine.

We can also see part of the white "shelf" that spans the central aisle.

Offline Jorge

About to break post-Shuttle ISS mass record
Who keeps mass records in pounds?  This is an embarrassment to all engineers and scientists.

NASA PAO does, to communicate with the US general public, which uses pounds.
One of NASA's jobs, in my opinion, should be to help educate the interested, not to talk only to the most parochial among them.  How hard would it be to say ISS set a new mass record of 452,154 kg (996,828 lbs)?

Your opinion is noted.
JRF

Offline seanpg71

About to break post-Shuttle ISS mass record
Who keeps mass records in pounds?  This is an embarrassment to all engineers and scientists.

NASA PAO does, to communicate with the US general public, which uses pounds.
One of NASA's jobs, in my opinion, should be to help educate the interested, not to talk only to the most parochial among them.  How hard would it be to say ISS set a new mass record of 452,154 kg (996,828 lbs)?


They're both meaningless numbers for most readers anyway.  They might have just put up a graphic that said "Old record: Some Really Big Number | New Record: Some Slightly Bigger Number"

There's no education to be had from using kilograms here.  We don't have a good intuitive grasp of the relative sizes of numbers larger than a couple hundred.  People aren't going to think of this graphic when buying a bag of rice and say "yup - I want the one that's 1/50,000th the mass of ISS - so I should get the 10kg one."

As silly as it is, if you want someone to actually have a sense of how massive ISS is, you'd want the graphic to say it's the same as ~300 midsized cars.

Offline mn

About to break post-Shuttle ISS mass record
Who keeps mass records in pounds?  This is an embarrassment to all engineers and scientists.

NASA PAO does, to communicate with the US general public, which uses pounds.
One of NASA's jobs, in my opinion, should be to help educate the interested, not to talk only to the most parochial among them.  How hard would it be to say ISS set a new mass record of 452,154 kg (996,828 lbs)?


They're both meaningless numbers for most readers anyway.  They might have just put up a graphic that said "Old record: Some Really Big Number | New Record: Some Slightly Bigger Number"

There's no education to be had from using kilograms here.  We don't have a good intuitive grasp of the relative sizes of numbers larger than a couple hundred.  People aren't going to think of this graphic when buying a bag of rice and say "yup - I want the one that's 1/50,000th the mass of ISS - so I should get the 10kg one."

As silly as it is, if you want someone to actually have a sense of how massive ISS is, you'd want the graphic to say it's the same as ~300 midsized cars.

I'm sure you know that 'midsized car' has very different meanings in the US and Europe ;)

And maybe now I should run and hide somewhere far away from the mods.

Online cohberg

I labeled everything that I noticed. Anything new that is revealed by this 2nd interior shot?

Offline vaporcobra

The 4K source of that spectacular aerial video SpaceX posted, captured by NASA's Jamie Peer.

https://images.nasa.gov/details-KSC-20201206-MH-JBP01-SpaceX_CRS_21_GSS_Helicopter_Launch_4K-3264463

Online gemmy0I

Just curious about some things from the NASA livestream of the CRS-21 docking. 

You make some interesting assumptions, mainly that the windows that are monitoring the docking progress can do anything more than just that, monitor.  You also assume that this isn't just a mirror workstation that is sending a full screen share from a control room monitor.

In either case, why would you be concerned about someone getting some kind of sensitive information from a public access livestream?  I'm pretty confident neither SpaceX nor NASA are concerned about security breaches nor ITAR releases from a public access event.
As someone whose day job involves advanced operating systems security work - this is exactly right. ☝ Good security should not rely on obscurity (i.e. hoping people can't hack you because they don't know/can't guess your setup) for protection. It should rely on principles such as defense-in-depth and compartmentalization of sensitive information and functions to ensure security even against an adversary who knows exactly what he's attacking.

The workstation being livestreamed is almost certainly not the actual mission control workstation, but rather a low-security PAO workstation that's mirroring the live telemetry. We've seen evidence of such an arrangement in the past when (IIRC on the Demo-1 mission) the webcast hosts have said things like "the camera view we're showing you on our screen here isn't perfectly aligned with the docking port, but don't worry, the real one in mission control is".

In high-security setups like what NASA uses for mission control, the workstations that actually have access to and control of sensitive systems are typically connected only to internal networks that are firewalled off from the Internet and from less-secure internal networks. (Ideally they would be "airgapped", i.e. have no physical connection at all between them, but in practice there are probably a few careful, well-firewalled cross-links to allow one-directional flow of information such as live camera views and telemetry for broadcast.)

The ISS, for instance, has two separate computer networks on station: a "high-security" one for the computers that actually control things that matter, and a "low-security" one with Internet access for the astronauts to use for personal communication and downtime. This is why they can get away with critical station support computers still running old, out-of-date operating systems like Windows XP, because they are protected at a much higher level. (Frankly, if they were relying on keeping up on Windows updates to protect their critical computers from attack, they'd have already lost the battle, because well-resourced attackers have access to "zero-day" attacks which are unknown to the manufacturer and therefore not patched yet.) For this reason, you may notice that (counterintuitively) it's the high-security computers on the station that are running the oldest and most out-of-date software. Having a channel in place to allow rapid updating could, in some respects, be itself a bigger attack vector than having their networks strongly compartmentalized. (It would also introduce the bigger problem of potentially breaking mission-critical control software due to its operating system changing out from under it; better to keep such things in a well-tested, known-stable configuration.)

So, if NASA's security team is doing their job right (which they probably are, otherwise the ISS would have been hacked many times over by now - it's too high-profile a target to not have people knocking on its door), it shouldn't matter if they have "insecure" programs such as Internet Explorer or Outlook on their mission control computers. The known insecurity of those computers' software goes far beyond a few "notorious" programs; a quick look at each month's update roster from any major software vendor makes it abundantly clear that no commonly deployed operating system is trustworthy enough for protecting a system like this. That known insecurity, therefore, has to be mitigated at a higher level through strategies like compartmentalization and defense-in-depth. As much as it makes many of us "tech folks" cringe, I would in fact expect such computers to be using Internet Explorer internally (for accessing local sites on the firewalled intranet) for a long time to come - for the simple reason that they don't have access to the Internet to maintain an up-to-date installation of a newer browser.

I don't want to sound like I'm coming down too hard on the OP, because this can be quite counterintuitive and contrary to popular advice (especially if one's exposure to the cybersecurity world is limited to personal computing and lower-security workplaces who are more concerned with liability and "best practices" than actual protection). Sadly, a lot of the "rules of thumb" people are told about how to "stay safe online" are vastly oversimplified and sometimes even counterproductive, and they break down most acutely in situations where high security is genuinely necessary.

(Apologies if this takes things off-topic; I often see these sorts of questions come up around space webcasts and wanted to chime in with some detailed answers. If this is too far afield for this thread, perhaps this sub-discussion could be moved to the "General ISS Q&A" thread.)
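
The compartmentalization described in the post above, as an added example that is not part of the original post and not any real NASA configuration: a small audit that checks inter-zone flow rules against the one-directional export model and reports which zones can reach the protected one. Zone names, the service allowlist and the sample rules are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

PROTECTED = "control"   # zone holding the systems that matter (assumed name)
MIRROR = "pao"          # only zone allowed to receive exports (assumed name)
EXPORT_SERVICES = {"telemetry-feed", "video-feed"}  # assumed allowlist


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    service: str
    two_way: bool = False   # True when data can also travel dst -> src


def audit(flows):
    """Return (flow, reason) pairs for every rule that breaks the one-way model."""
    findings = []
    for f in flows:
        if f.dst == PROTECTED and f.src != PROTECTED:
            findings.append((f, "inbound path into protected zone"))
        elif f.src == PROTECTED and f.dst != PROTECTED:
            if f.dst != MIRROR:
                findings.append((f, "export bypasses the mirror zone"))
            elif f.service not in EXPORT_SERVICES:
                findings.append((f, "service not on export allowlist"))
            elif f.two_way:
                findings.append((f, "export path is not one-directional"))
    return findings


def zones_reaching(flows, target=PROTECTED):
    """Zones from which data can reach `target` through any chain of flows."""
    inbound = {}                         # zone -> zones that can send to it
    for f in flows:
        inbound.setdefault(f.dst, set()).add(f.src)
        if f.two_way:                    # a two-way rule also opens the reverse edge
            inbound.setdefault(f.src, set()).add(f.dst)
    seen, queue = set(), deque([target])
    while queue:
        for src in inbound.get(queue.popleft(), ()):
            if src != target and src not in seen:
                seen.add(src)
                queue.append(src)
    return seen


# Constructed sample rule sets (not taken from any real network).
GOOD = [
    Flow("control", "pao", "telemetry-feed"),
    Flow("control", "pao", "video-feed"),
    Flow("pao", "internet", "webcast", two_way=True),
]
BAD = GOOD + [
    Flow("control", "pao", "remote-desktop", two_way=True),
    Flow("control", "internet", "os-updates", two_way=True),
]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "zones that can reach control:", sorted(zones_reaching(rules)))
        for flow, reason in audit(rules):
            print("  ", flow.src, "->", flow.dst, flow.service, ":", reason)
```

In the `BAD` set the two-way update channel is what makes the protected zone reachable from the Internet, which is the trade-off the post raises about rapid updating.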

Online drnscr

About to break post-Shuttle ISS mass record
Who keeps mass records in pounds?  This is an embarrassment to all engineers and scientists.

NASA PAO does, to communicate with the US general public, which uses pounds.
One of NASA's jobs, in my opinion, should be to help educate the interested, not to talk only to the most parochial among them.  How hard would it be to say ISS set a new mass record of 452,154 kg (996,828 lbs)?

How hard is it for someone to get wrapped around the axle about using pounds vice kilos...  what difference, really, does it make?

Online LouScheffer

They're both meaningless numbers for most readers anyway.  They might have just put up a graphic that said "Old record: Some Really Big Number | New Record: Some Slightly Bigger Number"

There's no education to be had from using kilograms here. 
I agree 100% about the actual number being meaningless to most people, either in pounds or kg.

I disagree 100% about the "no education" part.  The education is, if you're a kid and want to be a part of this excitement, you should work in kilos, as all engineers do.  And by doing it in pounds, and only in pounds, NASA is educating the rest of the world that they are a nationalist-in-a-bad-way organization that has no consideration for the rest of the world, including ALL of their partners.  It's an education, all right, and not a good one.

Offline TJL

Got my first (almost directly overhead) view of the heaviest (post shuttle) ISS configuration from Long Island this evening.

Time: Mon Dec 07 5:46 PM, Visible: 5 min, Max Height: 87°, Appears: 10° above NW, Disappears: 22° above SE
« Last Edit: 12/07/2020 10:18 pm by TJL »

Offline freda

Just curious about some things from the NASA livestream of the CRS-21 docking. 

You make some interesting assumptions, mainly that the windows that are monitoring the docking progress can do anything more than just that, monitor.  You also assume that this isn't just a mirror workstation that is sending a full screen share from a control room monitor.

In either case, why would you be concerned about someone getting some kind of sensitive information from a public access livestream?  I'm pretty confident neither SpaceX nor NASA are concerned about security breaches nor ITAR releases from a public access event.

I understand what you are saying.

Actually, this caught my eye not due to any ITAR or sensitive information issue.  This caught my eye because of a lack of fundamental cyber-security practices.

I read in 2018 or 2019 that NASA/JPL was hacked into by a “bad actor” getting access to their internal network, and spreading malware out to other NASA centers, due to one NASA/JPL employee plugging a webcam or some other device into the internal secure network.  Couple that with the fact that apparently NASA (and essentially all government agencies) are constantly being probed by bad guys, and you can see that once a vulnerability is available (or even hinted), it will quickly become known by those bad guys, and exploited.  By the user sharing their entire screen, that same bad guy was provided hints that could be exploited.

The computer hosting the screen-share today was apparently “inside” the NASA firewall (hopefully not inside the mission control segment, and double-hopefully provided with read-only permission), because there were two different programs running in two different windows on the screen that have access to internal video feeds and data.  Just a casual observer like myself could immediately see two odd things; 1) that this internal computer with direct access to mission data feeds also had user-email installed, and 2) that this computer also had an old version of Internet Explorer installed.  If I recall, user-email availability in an internal computer that has access to critical data like this is a known, top vulnerability point.  Add to that the fact that this internal computer (and broader NASA?) still seems to be using the old (less secure) Internet Explorer.  And finally, that the employee-user shared their entire screen (exposing all the system indications and additional system tray programs), rather than only sharing the one program they desired to share.

Would you share your entire screen in a meeting, if doing so would show all attendees not only that the computer you are on has direct access to attractive internal data, and also showed at least two potentials for vulnerabilities?  Do you or your organization use the old Internet Explorer?  If you work in an industrial or manufacturing environment, can devices on your control system or data system network access email?  I would hope all of these would be “no”.

And look at the numerous icons in the system tray.  A knowledgeable bad guy might recognize those.  If any of those many programs have vulnerabilities (what app doesn’t these days?), the bad guy would have some good hints about where to begin probing (if you use VNC or LastPass or any IoT device or most PDF-creators or any number of other programs, you might be surprised how much continuous up/down network traffic results that can be exploited). 

To clarify, I’m not really saying this would expose vulnerabilities to disrupt control of ISS or a spacecraft; but am saying it would (like the 2018 incident) expose vulnerabilities to the internal NASA network that the bad guy could in turn leverage.  If a bad guy was watching the stream today, they would have some hints because the internal user shared their entire screen, instead of just sharing the window with the video in it.

Yep, I am probably over-doing my curiosity, and am possibly not explaining well.  Oh well… my brain has now reached the limit of my knowledge on this subject.  The good news is that I’m not going to push the point.  All I can say is I was surprised. 

Very sorry for the too-long reply.

Online LouScheffer

How hard is it for someone to get wrapped around the axle about using pounds vice kilos...  what difference, really, does it make?
Agree that in this particular case, it makes little difference.

But in general it can make a huge difference.  Remember, for example, that NASA lost the $125 million Mars Climate Orbiter because one group used pounds-force while the other thought they were Newtons.  If there had been a simple conceptual understanding that NASA always uses metric, someone might have thought twice about providing forces in pounds, and we'd have one more spacecraft in orbit around Mars.

EDIT:  For example, suppose you were delivering a file of small forces to the ESA for an ESA Mars orbiter.  Would it even ever occur to you to send the forces in pounds?  If the ESA had been running the exact same mission, it would likely have succeeded, where it failed due to NASA's tolerance for units not commonly used in science.
« Last Edit: 12/08/2020 02:55 am by LouScheffer »

Online FutureSpaceTourist

https://twitter.com/spacexfleet/status/1336106034776190976

Quote
Meanwhile, in the Atlantic Ocean...

The recovery forces are repositioning for the SXM-7 mission whilst OCISLY and B1058.4 return to Florida.

OCISLY arrival at Port Canaveral looking to be NET Thursday 10th.

Online drnscr

How hard is it for someone to get wrapped around the axle about using pounds vice kilos...  what difference, really, does it make?
Agree that in this particular case, it makes little difference.

But in general it can make a huge difference.  Remember, for example, that NASA lost the $125 million Mars Climate Orbiter because one group used pounds-force while the other thought they were Newtons.  If there had been a simple conceptual understanding that NASA always uses metric, someone might have thought twice about providing forces in pounds, and we'd have one more spacecraft in orbit around Mars.

Chill... you’re spending a ton of emotional energy that could best be spent elsewhere where it matters more

Offline Lars-J

[snipped a lot of thoughts about security]
Very sorry for the too-long reply.
No, you’re not. You are clearly very passionate about it, but it is a discussion that IMO does not belong in this thread.
« Last Edit: 12/08/2020 03:11 am by Lars-J »
