260ft is around 79m. The bombs can penetrate around 60m of concrete. So one bomb, probably not, but they are able to follow each other in quick succession meaning 2 or three should be able to do the job quite easily, with accurate GPS positioning.
They can penetrate 60m of soil. They cannot penetrate 60m of concrete. Reinforced concrete at about 5000psi would only get penetration of 8-15m.
The facility is beneath 80m of limestone which in the Qom formation is roughly equivalent to about 5000psi concrete.
Beneath the limestone, sits the facility itself which is encased in high performance concrete. So these bombs need to pen 80m of 5000psi material and then an unknown depth of high performance concrete.
There is no public information about what kind of material 60m refers to, and the best guesses of reinforced concrete are 18m. https://en.m.wikipedia.org/wiki/GBU-57A/B_MOP While a single bomb would be insufficient, you don't need that many to get to 80m.
And US military assets are often much more powerful than publicly advertised...
A bomb penetrating 18m of reinforced concrete doesn't excavate 18m of concrete. It would weaken it by some percentage through fractures and overpressure but you'll need to pen it again with the second bomb.
According to the Pentagon briefing this morning they dropped 14. News is reporting that it was in 3 specific locations and they were dropped successively. Assuming most detonated successfully, that much specialized ordnance did some damage. This bomb was specifically designed for this very purpose and you have to realize that capabilities that are reported are probably pretty conservative vs what the bomb is actually capable of doing.
I know a bunch of armchair generals on here are speculating that this was ineffective, but time will tell.
Because it’s always the case with the US military equipment capabilities that full capability is never disclosed. What possible reason would the military have in divulging actual specs?
Military: We can penetrate up to 200 feet with this new bunker buster bomb that we spent a billion dollars on…specifically for this site and some sites in North Korea.
Enemy: Build the bunker at 300 feet, I hear their best bunker buster is only effective to 200 feet.
Also, surely – I have no expertise – but you don't need to totally destroy the bunker to render the operation basically dead, right?
The land, roads, ingress points, elevators, security, everything around here is now FUBAR. Okay so you didn't "destroy the bunker", but how many years until it's functional again?
You don't actually need to completely destroy all the underground levels in Fordow. It is enough to cause enough damage so that the stored uranium contaminates the site, while being sealed from the outside world under the collapsed site.
The point is not to dig a hole. Penetration depth is a function of compression strength of the medium. Every bomb leaves a path of debris in its wake with negligible compression strength that subsequent bombs can pass through before expending their energy.
There were an estimated twenty of these bombs in existence before the bombing; very little head room for throwing more of them down the hole if they haven't done the job.
The question is unexplored territory, pun intended.
The FAA could deny approval for launch, but it's unclear what the basis would be. What happens on Mars is out of its jurisdiction, literally.
The UN governs Earth, not Mars. It could expand to cover Mars I suppose. It's the sort of pointless activity you could imagine the European Parliament obsessing over, but there is little they could do about an American launch company.
But the reality is we are centuries away from something approaching a land-rush on Mars, or actual competition between nations for control of anything.
I suspect it will be a "watch and wait and see" situation.
Although it covers states, not individuals, and was signed in the 1960s. That said, most space law still derives from these outdated laws and treaties and we're sorely in need of an updated approach that recognises things work differently now. Even if not for Mars, we need it to work better in orbit and on the Moon.
I agree we're centuries away, so there's that. But being pejorative about the force of law and writing it off as useless European hand-wringing I think misses the point: Elon is either going to pussy out, and not actually put people into space, or is going to, and they're going to die.
Since he doesn't have a matter transporter, he has to transit from a legal regime his company assets exist in, to some mythical point where the jurisdictional boundary lies. I think that is likely to be where alignment of the limits to US lawfare, and the headache of privatized use of space combine.
If I was China, I'd refuse to recognise any claim to ownership of assets beyond Geosynchronous. I wouldn't deliberately go to the Lagrange points and graffiti the JWST, but I'd sure as hell make sure Musk knew that if he finds magnetic monopoles or tritium supplies, China expects its cut. (Magnetic monopoles don't exist.)
Some people use this term interchangeably. Many laypersons don't know the difference. Although yes, salted and hashed is the way. Encryption means there's a key (which can be compromised) to decrypt it.
Yeah, but you can't fight human psychology. If I say CVE-2014-0160, only a handful of people will know what I mean, but if I say Heartbleed, there's a lot more recognition. Until the singularity happens and we're post-scarcity, people need money and recognition helps get more of that, however indirectly.
Let's go further... domain name means visibility and costs money... so whoever builds and pays for "cipherleaks dot com" intends to make a business out of it...
Let's imagine a worst case scenario, where thousands of highly skilled hours are put into building common infrastructure ("barn raising") among capable people with implied social promises but not cash, and then a second wave ("cattle ranchers") comes in and starts collecting money for CVEs and pushing out any claims for compensation by authors...
This scenario is playing out in the EU (CRA laws) or de facto in the USA (VC startups) right now... with the monetization of CVEs, but foot-dragging and long speeches for compensation of OSS engineering. Make sense?
> By reading the source code, I realized that the incoming data was put into a fixed-size static buffer in the stack, and the payload was decrypted into another fixed-size buffer. There’s no boundary or size check.
This is not normal. It's amateurish in the extreme that leads to the only conclusion that whoever wrote this ZeroMQ thing is not a real software engineer. I.e. stay away at all costs.
> This is not normal. It's amateurish in the extreme that leads to the only conclusion that whoever wrote this ZeroMQ thing is not a real software engineer. I.e. stay away at all costs.
I don't think that's a remotely fair assessment. ZeroMQ is a very large and quite popular project but it's also getting close to two decades old if I remember correctly. Any large C or C++ project that is that old is going to have quite a bit of historical cruft. And looking at some of the code that said vulnerability touched, most of that code was over a decade old.
Not to claim that it's any less severe but this is the nature of long lived projects. Unless they are massively privileged, they tend to have more code than eyes to look at said code and said code often was written in the bad old days.
> it's also getting close to two decades old if I remember correctly. Any large C or C++ project that is that old is going to have quite a bit of historical cruft.
I don't think writing arbitrary data into a fixed-size buffer without boundary checks is just an artifact of being historical cruft, it's a ridiculous mistake no matter which time period it was written in. Whoever wrote that code decades ago was incredibly amateurish.
That's assuming the code was written that way initially. More often than not in long running projects pieces get moved around, refactored, functionality added and removed, and silent assumptions that were true before aren't true anymore. Somebody coded functionality for fixed data buffer, somebody else extended it with variable sized data but was not aware fixed buffers are being used, that stuff happens. We live in a myriad of glass castles, don't be so quick to throw stones around.
The tone of some comments like this one makes me wonder if the authors ever wrote any software of reasonable complexity, in their free time while getting paid zero dollars.
With such high standards I wonder why these people use such amateur software and not make or buy their own professional grade software.
Also sheds light on why truly free open source software is such a thankless and hazardous activity.
Pieter Hintjens who started ZeroMQ, advocated for 'optimistic merging' as a strategy to encourage community & project building [1] (prev discussed in [2]). For all of the benefits listed it does open it up to lower quality or malicious merges.
Literally every serious C/C++ project has shipped memory unsafety vulnerabilities. We have discovered, as the global community of programmers, that humans are not smart enough to write C code without doing that. It is time to blame the language (or the species) and move on.
Let's not pretend that the people writing the unsafe code are unimaginably stupid. They are extremely imaginably stupid, as we all are.
The more I use ChatGPT, the more useless I realize it is.
It looks impressive at first, until you realize it is like a trick pony. Don't get it to haul your luggage.
It gives apparently good summaries of sometimes complex topics. But then you ask it to explain things in more detail...welcome to a special hell of circular reasoning, inherent contradictions, and surprising about-faces that occur even when you ask a complementary question (complementary as in congruent not admiring).
ChatGPT: <long verbose answer...>
Me: Oh so you're saying X implies Y but not Z? (which previous answer did)
ChatGPT: Apologies for causing confusion, I misspoke.... (goes on to give a worse response now)
Me: But your first response was OK, I just wanted to clarify XYZ...
ChatGPT: <now gives a response with directly conflicting statements>