IT/Web: March 2011 Archives

NASA Open Source Summit

NASA To Host Open Source Summit March 29-30 In California

"NASA will host a summit about open source software development on March 29-30 at the agency's Ames Research Center in Moffett Field, Calif. The event runs from 9 a.m. to 5 p.m. PDT on both days. NASA's first Open Source Summit will bring together engineers, policy makers and members of the open source community. Participants will discuss the challenges within the existing open source policy framework and propose modifications to facilitate NASA's development, release and use of software."

Register as a remote participant.

Live streaming of the event can be found here.

NASA OIG: Inadequate Security Practices Expose Key NASA Network to Cyber Attack

"The OIG review found that six computer servers associated with information technology (IT) assets that control NASA spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable. Moreover, once inside the Agency-wide mission network, the attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA operations. We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers."

NASA spacecraft vulnerable to cyber-attack, Nature

"Gail Robinson of the OIG's office tells Nature the IG can't say publicly which systems are affected for security reasons, but that it has told NASA the information. Although only six examples were documented, the IG report makes clear that up to 130 systems could be affected by the inconsistent oversight."

Houston, We Have a Problem: Critical NASA Systems Vulnerable, PC World

"Anup Ghosh, founder and chief scientist for Invincea, noted that events like the recent attacks against HBGary, RSA, and Comodo, and this audit report from NASA might lead IT admins to ask: "If it is happening to organizations like these, can it happen to us?" But, Ghosh says the better question to ask is: "If it is happening to the top security companies, is it happening everywhere?" Ghosh volunteers the answer to that question, saying it is undoubtedly "yes"."

NASA Computer Servers Insecure, Open to 'Catastrophic' Attack, PC Magazine

"What's the problem? The OIG said NASA has been slow to act on a recommendation it made in May 2010 that NASA secure its networks. At that point, the OIG told NASA to immediately establish an IT security oversight program for its mission network, but as of February 2011, NASA had done nothing."

Space Mission Networks at Risk of Major Breach, Govinfosecurity

"NASA CIO Linda Cureton, in a letter to the IG, generally concurred with the IG's recommendations, saying she will work with mission directorates and centers to develop a comprehensive approach by Sept. 30 to ensure that Internet-accessible computers on NASA's mission networks are routinely identified, vulnerabilities are continually evaluated and risks are promptly mitigated. In addition, Cureton said she will develop and implement a strategy for conducting an Agency-wide risk assessment by Aug. 31."

NASA CIO staff continue to make their own rules when it comes to setting up websites outside the NASA firewall for official purposes - websites with no security in place, according to postings on the NASA Forward Maker Camp website.

Keith's note: According to NASA GSFC's Jon Verville (@jonverve): "We are following the precedent set by OSTP/GSA here: Please cite the NPR/NPD requirement which restricts the use of non-NASA websites." My response: "Your group is not operating this website according to NASA policy per NASA HQ. Precedents in other agencies do not count. Otherwise all NASA NPDs can be ignored since someone somewhere else always does things differently. Why have any rules at all?"

I wonder what would happen if CIO staff were to randomly walk around the agency and ask people what would happen if they went out and set up their own website outside the firewall for a project they were working on - or ask management what their reaction would be if their staff just went off and did this. The answer should be obvious. It would certainly be nice if NASA were much more open in this regard - but it is not there yet. Instead of breaking the rules (or making them up ad hoc) these CIO staffers need to set an example and follow their own rules. And if the rules are not working, they need to cite the problems, and then change the rules. Otherwise having rules of any sort is pointless.

I fail to understand why NASA CIO sets standards that the entire agency has to follow when it comes to website hosting, security etc. and then their own staff can go do whatever they want in this regard. Why should anyone else at NASA bother to adhere to these rules - or pay attention to what the CIO says? Does the "precedent" that Verville mentions have any official bearing on NASA rules and regulations? If so, then where is the NPR/NPD that says so? Otherwise you can't just assume that you can do something simply because someone else did it.

Mixed Messages From NASA CIO Staff, earlier post

NASA's Chief Technology Officer for IT Chris Kemp Is Leaving The Agency

"Deciding to leave NASA has not been easy, and is something I've been struggling with for the past few months. About a month ago, I mentioned to one of my mentors that "it's a very difficult time to be an entrepreneur at NASA." She responded "is it ever a good time to be an entrepreneur at NASA?" Reflecting on this, I realized that most of my accomplishments at NASA were not at Headquarters, but out in the field where I could roll up my sleeves and work on projects and get stuff done. Whereas I thought I had the best of both worlds being a Headquarters employee stationed in Silicon Valley, I actually had the worst of both worlds... no influence when I can't be in all of those meetings at NASA HQ, with no mandate to manage projects at Ames. As budgets kept getting cut and continuing resolutions from Congress continued to make funding unavailable, I saw my vision for the future slowly slip further from my grasp. So, today, I am announcing that I am leaving the place I dreamed of working as a kid to find a garage in Palo Alto to do what I love."

Keith's note: NASA employees Nick Skytland @skytland, Chris Gerty @gerty, Stephanie Schierholz @schierholz, Veronica McGregor (JPL) @VeronicaMcG, and Doug Ellison (JPL) @doug_ellison (and others) are currently attending SXSW (South by Southwest), an "Annual music, film, and interactive conference and festival held in Austin." There are several panels and sessions (like this one chaired by Nick Skytland) that deal directly or partially with space exploration. It will be curious to see if any of these NASA folks write travel reports or make blog postings that describe what they saw - and what they learned - or if they will simply post a few scattered Tweets instead. Indeed, NASA's social media experts spend far too much time talking to each other - and less actually interacting with the public and other co-workers which (so I thought) was the whole point to begin with.

One would hope that they'd share what they learned - in some detail - (along with their presentations at SXSW) with the rest of the agency and the public. Curiously, Skytland et al only post their presentations (like the one for today's session) made as NASA employees at - never at Even though Skytland is travelling as a NASA representative, he uses his personal website address and not NASA's. Many of the sites he discusses are not NASA-sponsored at all. You'd think that a NASA person would be giving a NASA presentation.

In addition, Skytland's presentation is not Section 508 compliant - a requirement for all NASA presentations posted online.

WALLOPS: Comment sought on moving main gate of NASA,

"NASA is seeking comments from the public on its draft Environmental Assessment (EA) of potential impacts from proposed improvements at the Wallops Flight Facility main base entrance. NASA is proposing to improve the main base entrance to increase personnel safety and decrease congestion. .... The draft EA is available on the internet at: A description of means for submitting comments may be found on the website. Public comments on the draft EA are requested by April 12, 2011."

Keith's note: I am not sure how the "public" would ever know about this if it were not for newspapers since Wallops makes no mention of this on their website. I guess the locals are happy that they have newspapers with websites that do NASA's PR work. Oh yes, the web link from Code 250 in this article does not seem to be working.

Reader note: "For future reference, most if not all of NASA's URL's must have "www" prepended (e.g., doesn't work, does). Until this gets fixed by the Wallops' webmaster, try"

Keith's note: Looks like Beth Beck has finally decided to fix some major problems with NASA Buzzroom. When you visit now you get this message: "We're in the process of making Buzzroom better for our users. We appreciate your patience. Please check back in the future." The sad thing is that it took people outside the agency to notice these problems and bring them to NASA's attention before they took action. Virtually no one inside the agency seemed to have problems with the goofy, off-topic, and sometimes reprehensible content that this website's managers approved for posting - or simply did not notice.

- NASA Buzzroom Is Broken. Please Fix It. (Updated with SOMD Response), earlier post
- Pseudoscience and Profane Videos Featured Online at, earlier post
- Today's NASA Buzzroom Video Pick: Bowling For Soup US Tour, earlier post

Keith's note: Right now a featured video on NASA Buzzroom is "Bowling For Soup US Tour". (original on YouTube). Is this appropriate? No mention of outer space. So ... what do you do? If you go to NASA Buzzroom, and scroll to the bottom of the page you will see this notice: "This site collects community content about NASA. We invite you to join the conversation! If you find something you don't think belongs, please let us know! Page Last Updated: March 6th, 2011; Page Editor: JESS3; NASA Official: Beth Beck" One small problem: they do not provide a link or an email address. So ... how does one "let them know"?

Keith's note: Yesterday I made note of a broken website - NASA Buzzroom's video page. One feature of this site is to grab videos posted on YouTube - automatically - and post them on a webpage and add a comment feature. Nice idea - it lets people see what others think about NASA. One small problem - humans are not in the loop at NASA. At one point I found a video that had been on for weeks that depicted a bloody lynching and featured a non-stop stream of profanity. NASA eventually got around to deleting it - once I complained (Google cached version).

I complained about lots of other videos that simply had no reason whatsoever to be on a taxpayer-funded space agency website. Eventually, once someone at NASA saw these videos mentioned by me, they were removed. This process seems to be working backwards. I find these videos simply by looking at the video page. NASA deletes them - but only when I make public note of their location. The NASA folks seem to be utterly incapable of making a decision as to what is inappropriate on their own - or identifying inappropriate videos that have been on their site for weeks (or longer). Nor are they able to fix the problem inherent in this website's design in the first place. Given the way they set up this site, it would seem that no one in SOMD's crack Internet squad ever tested this website before putting it online.

To compound things, they simply take videos off of their webpage because one person (me) complains. That's not right. As such, they clearly don't have any established guidelines for removal of videos either.

Right now a clip from the notoriously horrid Howard the Duck from the 1980s is gracing a page. It is harmless but pointless when it comes to space exploration. The NASA SOMD Internet guys will eventually delete it (this is the video on YouTube). But they will only delete it because I complained. FAIL.

Curiously, while NASA told me - officially - that the NASA lawyers had told them - that they could not link to this rather popular video "NASA - The Frontier Is Everywhere" that went viral a month or so ago, this NASA Buzzroom website links to it. So ... there is a bright side to the way this page works. Too bad the people who run this site do not take its design or upkeep seriously.

Pseudoscience and Profane Videos Featured Online at, earlier post

Keith's update: Beth Beck from SOMD sent me this in response to an inquiry as to how content is approved for posting on NASA Buzzroom. She is responsible for this page at The full exchange is below. In a nutshell whoever is responsible for this website is incompetent and should be relieved of this responsibility. You see, this is the sort of material that the current process allows to be posted and approved:



This page is an archive of entries in the IT/Web category from March 2011.