Your analogy is falling apart. Even if they flew a drone into your house, discharging a firearm inside your house just makes a bad situation worse, when you could just throw a blanket over it at that point. A lot of people (police included) are just looking for an excuse to shoot something. Pathetic, really.
No, you obviously don't, and who would think it's a good idea to discharge a firearm in their home? The drywall isn't going to stop projectiles. The appropriate action if someone does that is still to call the police, and possibly throw a blanket over it, I guess. Since it's not airborne you could just walk up and disconnect the battery so it's hardly the same situation. A drone is dangerous to approach, and even more dangerous to shoot at. An R/C car is not dangerous to approach, and definitely more dangerous to shoot at. Plus you'd be destroying evidence. Better to pick it up and pull the battery, and call the police.
I've been saying for a few years that if you just had a few solar panels in your back yard, and didn't want to go through the expense of all the inverter stuff, you could just use it to charge a small battery and power a DC air conditioner. That's because you generally want air conditioning at the same time that you have the most solar power. At the time, the only DC air conditioners available were for marine use, and so they were expensive. However, in the last year and a half I noticed a lot of DC air conditioners on the marker on AliExpress (in China). Some of them even come as a kit including solar panels. The difference here is that presumably the Sharp ones are UL and/or CSA certified, so you could use them in North America.
Honestly, some of the stuff on AliExpress is impressive for how cheap it is. You can buy 500W grid-tie inverters for a solar array for the $200 range. Unfortunately they only have a CE rating, so they're not OK for North America yet. In comparison you can spend 3 to 4 times that much here.
If someone parked a car in your driveway and it had a dashboard camera, that doesn't give you the right to shoot at it with a shotgun. Plus there's the fact that shooting at a drone turns it from a not-very-dangerous object into a ballistic object (not to mention the projectile(s) you're shooting). A sane person would call the police rather than making a bad situation worse.
It's sad but I fight the same battle almost every day regarding safety systems in factory automation. There are specific regulations and best practices that we have to follow in order to determine that a machine is safe for an operator to use, and it falls under the heading of "big E" Engineering, as in the type you need to have a license to certify. We put a lot of effort into making the machine both provably safe, but we also have to make it recover nicely from an abrupt shutdown if someone opens a guard door, etc. Everyone from management, to the engineering staff, to the operators themselves who use the equipment constantly gripe about how much effort we have to put into the safety systems, even when it's their own life that's at risk. Almost every discussion involves someone saying, "why can't we just tell people not to stick their hand in the machine?" The answer, of course, is that the rules are different for a machine that starts and stops automatically, than it would be, e.g., for a table saw or a drill press with an on/off switch. The rules are different precisely because people do stick their hands into machines that are stopped. Engineers are professionals who accept people as they are, not as we wish they could be.
Really we could solve the security problems in "IoT" devices by applying the same strict Engineering principles that we do to safety systems in factory automation. You would do this by functionally separating the part of the system responsible for security from the rest of the system, having certified parts that you can purchase that are rated to various industry best practice security standards, and then having a licensed professional engineer review and sign off on the design. Guess what though... it would cost more money. However, I believe there are certain products, where there's a risk to the public, that should be legislated to require this kind of certification.
This problem is with both "online" and "offline" password managers. Certainly I wouldn't use an online (i.e. website) password manager because it's a really juicy target sitting there connected to the internet. People can and will attack it, and at least one online password manager has been hacked. Offline password managers, such as KeePass, aren't as bad. It's all in a single encrypted database file, but you can store it on a home PC, a thumb drive, and in some backup location. The program allows very easy sync'ing between those files. Since the file only contains one person's passwords, it isn't as juicy of a target, and since it's not on an internet facing computer, the exposure is lower. An offline password manager is still a really good idea.
When I looked little while ago (2004?), in the Detroit area the funding was about $6000/yr per student in the inner city and up to $13,000/yr in the suburbs around it. For that money you have to pay the teacher with benefits, a support staff (principle, VP, secretary, janitorial, music, school nurses/psychologists, IT, etc.) and then supplies, bussing, and pay for the construction, maintenance and utility costs on a rather large building. I agree it's not a steal but it's not unreasonable either.
Depending on what kind of full time job you had to give up, it could have cost upwards of $50,000 or $100,000 per year for you to educate your 2 kids, given the opportunity cost. Don't get me wrong, I can think of lots of *good* reasons to home school your kids, but saving money isn't one of them.
It seems odd to me that merely installing a solenoid on the trigger would cause it to be classified as "automatic" when in reality, it then falls upon the software (or the way it's wired) to determine if it's semi-auto or auto. It doesn't look like the software is written to work in a fully-automatic mode. I understand that they might charge him anyway, but I would also think he'd have a reasonable legal defense.
When I used to go to automotive plants, they'd search your bags and you weren't allowed to bring cameras in. Once everyone got a cell phone with a camera, they just gave up.
When we had our first kid (2008) they'd look at you a bit snarky if you had a cell phone in the hospital. By the time we had our third kid, there were medical interns texting in the surgical room (it was a C-section). Nobody batted an eye if you had a cell phone, though the signs were still up. In my doctor's office, he uses some kind of program to manage all the patient medical files, and there's a terminal (it's a Mac actually) in every examination room. He leaves it logged in even though there are theoretically steep penalties for violating patient confidentiality. Just looking at the screen you can see his whole schedule for the day. When he comes in, he doesn't have to type a password or anything to start entering data about my visit. Devices like insulin pumps are known to allow wireless connections without authentication, and even if there was authentication, let's face it, it's probably broken.
Not long ago I was doing searches for industrial equipment manufacturer names on Shodan and ended up connected to one of those big wind turbines, somewhere in the middle of the US. No authentication. It was a monitoring dashboard and I didn't poke around, just closed it, but there were suspicious links/buttons on there to access the industrial controls, such as the PLC.
There are so many vectors: web browsing, phishing, thumb drives and phones brought in from the outside, pwnies, wireless, executives taking laptops home or even to China, spoofed OS updates, hardware infected as the point of manufacturing, and those are just some of the ones we know about. There is no real security.
It seems unlikely to me that you would (a) aim the gun at yourself while flying like he does at the beginning and (b) test it out so close to yourself without being behind some kind of a safety shield. I'd bet it's bogus.
I know so many people who just eat that shit up. Basically it tells (some) people what they want to hear: "here's a very simple trick you can use to win while everyone else loses."
I once priced the difference between cattle-class and business-class travel on a round trip from Toronto to South Africa (definitely a long multi-leg trip and interested in having a bit of extra leg room). The economy ticket was about $6000 and the business-class ticket was $21,000. I really don't see how having *maybe* twice as much area on the floor accounts for 3.5 times the price, no matter how many free drinks you want to throw in.
If the code they based their changes on was GPL'd and they never distributed it, then the GPL's share-alike clause doesn't kick in. Assuming he did the work for-hire and it was for internal purposes only, then the changes are still copyright Goldman Sachs and the programmer does *not* have the right to copy them to share with anyone else. In fact they can legitimately do anything they want with the GPL'd code including stripping out the headers as long as they never distribute it. Saying it's copyright Goldman Sachs is dubious but of almost zero importance if the code is kept internal.
As an electronics technician i have to ask:'
How do you troubleshoot/find faults in those systems without power applied?
First of all, it's only control power that's off (sensors are always on). Measuring a voltage is one thing, but if you need to replace a motor, you have to lock out the energy. Secondly, the electrical devices that do the controlling are usually located in electrical panels accessible from outside the guarding. Third the cell is normally designed so you can see pretty well what's going on from outside (the guarding is typically something you can see through like lexan or square mesh painted black).
I can't believe I heard about this story on the radio this morning, with the radio hosts likening it to the movie Terminator. I work in industrial automation and let me assure you that these industrial robots have absolutely nothing even remotely approaching "AI". An industrial robot is no more than a multi-axis motion control system with some fancy co-ordinate transformation math on top of it. The programs are as simple as "wait for this input, then move to this point, turn on this output, wait for this input", etc.
When we're starting up any industrial automation workcell (whether it as a robot or not), the cell design has to be certified (stamped by a professional engineer in our jurisdiction) that the safety system meets appropriate regulations and is built with certified components, all of which are specified to specific safety requirements based on hazard, etc.
The thing is, those regulations are there to protect factory workers and people interacting with the cell in normal operations. If you take any machine apart using a wrench, you're supposed to be properly trained in how to lock out all sources of energy in the machine. That said, when you're programming the cell, you're allowed to be inside the cell and power up the robot using a teach pendant with a special enabling switch you have to hold down. This requires you to put the robot in a special teach mode which also limits the robot speed to less than 250 mm/s. If the cell was built correctly, the interlock switches on the gates have to be wired into the gate inputs on the robot, and when you open the guarding, the robot can only be energized while in teach mode with the teach pendant enabled.
The system isn't fool proof. We all know impatient people. Maybe the person programming the robot didn't check that the gate switches were wired in properly, or maybe he asked his buddy to close the gate behind him and press the reset button because he wanted to see what was going on (something I've seen several people do, and have always chastised them for). Maybe the guarding wasn't completely installed yet. Maybe he mistakenly put it in "Teach 2" mode which allows full speed operation with the teach pendant enabled. This mode is generally illegal in the United States, but some jurisdictions do allow it as long as you take other safeguards, like striping out a dedicated area on the floor where the robot can't reach where you're allowed to stand.
That's why this is most certainly human error. The question is, who is liable? Did a manager pressure the guy to continue programming the robot even though proper safeguards weren't in place? Did he just get impatient and ignore his own safety training? I see lots of people do that, and I also see lots of people with missing fingers - go figure.
Presumably your card # and other information were stolen manually or via an online transaction. The article is specifically mentioning going after the data from the mag stripe. I have presumed, but don't know enough about it, that the chipped cards encrypt the verification between the card and the bank, so the vendor doesn't ever have that info, and thus any malware running on their POS terminal can't access it either. That doesn't stop your waiter from writing down your card details of course... it's just a matter of degree.
Data most targeted: In 31 percent of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that’s needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013) meaning attackers shifted their focus back to payment card data.
I assume this is mostly because the US still doesn't have chipped credit cards, or has that changed since a year or so ago when I was there? I thought the magstripe was going away.
No, I'm saying if there was a STEM shortage, then these people would all be able to find better jobs, and the game companies would have to pay better and provide better working conditions.
I think the GP's point is obvious. When you see/read the Hunger Games, your first reaction is disbelief that this could happen, and then it hits you that it did happen (Rome, etc.). I think that was one of the major points of the book: same old human cruelty in a different setting.
Nothing you do in school, no project, certainly not a "keystone project", can come anywhere close to the complexity of a real-life engineering, IT, or software project. All of the things like best practices and methodology you were learning in school were methods for managing complexity, and yet they could never actually show you real complexity like you're going to see in the workforce.
There's a lot of talk about the fact that this would mean tracking everywhere you went. Why not just track miles driven by your odometer? I don't know about Oregon, but here you report your odometer reading when you pay for your license plate. You could just also pay the estimated tax (you already tell your insurance company how far you're probably going to drive) when you license your vehicle, and then pay/receive the difference when you re-register it next year, plus when you sell it. Seems a lot simpler and less expensive than a GPS tracker.
Also, seems like there should be a per-distance tax for roads, plus a gas consumption tax just to cover the increased societal costs of using gas. Use the gas tax to build out charging stations.
Yeah, no kidding. My wife wanted one for Christmas, so she got one (not from me). Thankfully it's a Keurig 1.0. I insisted on finding one of the good re-usable stainless steel filters and I just put regular ground coffee in it. Works great for me. She only cares about the convenience, and won't use the re-usable one. It's sad to me, but it's her choice. Honestly, how people can think throwing out all these plastic k-cups are a great idea is beyond me.
Slashdot Mirror
Your analogy is falling apart. Even if they flew a drone into your house, discharging a firearm inside your house just makes a bad situation worse, when you could just throw a blanket over it at that point. A lot of people (police included) are just looking for an excuse to shoot something. Pathetic, really.
No, you obviously don't, and who would think it's a good idea to discharge a firearm in their home? The drywall isn't going to stop projectiles. The appropriate action if someone does that is still to call the police, and possibly throw a blanket over it, I guess. Since it's not airborne you could just walk up and disconnect the battery so it's hardly the same situation. A drone is dangerous to approach, and even more dangerous to shoot at. An R/C car is not dangerous to approach, and definitely more dangerous to shoot at. Plus you'd be destroying evidence. Better to pick it up and pull the battery, and call the police.
I've been saying for a few years that if you just had a few solar panels in your back yard, and didn't want to go through the expense of all the inverter stuff, you could just use it to charge a small battery and power a DC air conditioner. That's because you generally want air conditioning at the same time that you have the most solar power. At the time, the only DC air conditioners available were for marine use, and so they were expensive. However, in the last year and a half I noticed a lot of DC air conditioners on the marker on AliExpress (in China). Some of them even come as a kit including solar panels. The difference here is that presumably the Sharp ones are UL and/or CSA certified, so you could use them in North America.
Honestly, some of the stuff on AliExpress is impressive for how cheap it is. You can buy 500W grid-tie inverters for a solar array for the $200 range. Unfortunately they only have a CE rating, so they're not OK for North America yet. In comparison you can spend 3 to 4 times that much here.
If someone parked a car in your driveway and it had a dashboard camera, that doesn't give you the right to shoot at it with a shotgun. Plus there's the fact that shooting at a drone turns it from a not-very-dangerous object into a ballistic object (not to mention the projectile(s) you're shooting). A sane person would call the police rather than making a bad situation worse.
It's sad but I fight the same battle almost every day regarding safety systems in factory automation. There are specific regulations and best practices that we have to follow in order to determine that a machine is safe for an operator to use, and it falls under the heading of "big E" Engineering, as in the type you need to have a license to certify. We put a lot of effort into making the machine both provably safe, but we also have to make it recover nicely from an abrupt shutdown if someone opens a guard door, etc. Everyone from management, to the engineering staff, to the operators themselves who use the equipment constantly gripe about how much effort we have to put into the safety systems, even when it's their own life that's at risk. Almost every discussion involves someone saying, "why can't we just tell people not to stick their hand in the machine?" The answer, of course, is that the rules are different for a machine that starts and stops automatically, than it would be, e.g., for a table saw or a drill press with an on/off switch. The rules are different precisely because people do stick their hands into machines that are stopped. Engineers are professionals who accept people as they are, not as we wish they could be.
Really we could solve the security problems in "IoT" devices by applying the same strict Engineering principles that we do to safety systems in factory automation. You would do this by functionally separating the part of the system responsible for security from the rest of the system, having certified parts that you can purchase that are rated to various industry best practice security standards, and then having a licensed professional engineer review and sign off on the design. Guess what though... it would cost more money. However, I believe there are certain products, where there's a risk to the public, that should be legislated to require this kind of certification.
This problem is with both "online" and "offline" password managers. Certainly I wouldn't use an online (i.e. website) password manager because it's a really juicy target sitting there connected to the internet. People can and will attack it, and at least one online password manager has been hacked. Offline password managers, such as KeePass, aren't as bad. It's all in a single encrypted database file, but you can store it on a home PC, a thumb drive, and in some backup location. The program allows very easy sync'ing between those files. Since the file only contains one person's passwords, it isn't as juicy of a target, and since it's not on an internet facing computer, the exposure is lower. An offline password manager is still a really good idea.
When I looked little while ago (2004?), in the Detroit area the funding was about $6000/yr per student in the inner city and up to $13,000/yr in the suburbs around it. For that money you have to pay the teacher with benefits, a support staff (principle, VP, secretary, janitorial, music, school nurses/psychologists, IT, etc.) and then supplies, bussing, and pay for the construction, maintenance and utility costs on a rather large building. I agree it's not a steal but it's not unreasonable either.
Depending on what kind of full time job you had to give up, it could have cost upwards of $50,000 or $100,000 per year for you to educate your 2 kids, given the opportunity cost. Don't get me wrong, I can think of lots of *good* reasons to home school your kids, but saving money isn't one of them.
It seems odd to me that merely installing a solenoid on the trigger would cause it to be classified as "automatic" when in reality, it then falls upon the software (or the way it's wired) to determine if it's semi-auto or auto. It doesn't look like the software is written to work in a fully-automatic mode. I understand that they might charge him anyway, but I would also think he'd have a reasonable legal defense.
When I used to go to automotive plants, they'd search your bags and you weren't allowed to bring cameras in. Once everyone got a cell phone with a camera, they just gave up.
When we had our first kid (2008) they'd look at you a bit snarky if you had a cell phone in the hospital. By the time we had our third kid, there were medical interns texting in the surgical room (it was a C-section). Nobody batted an eye if you had a cell phone, though the signs were still up. In my doctor's office, he uses some kind of program to manage all the patient medical files, and there's a terminal (it's a Mac actually) in every examination room. He leaves it logged in even though there are theoretically steep penalties for violating patient confidentiality. Just looking at the screen you can see his whole schedule for the day. When he comes in, he doesn't have to type a password or anything to start entering data about my visit. Devices like insulin pumps are known to allow wireless connections without authentication, and even if there was authentication, let's face it, it's probably broken.
Not long ago I was doing searches for industrial equipment manufacturer names on Shodan and ended up connected to one of those big wind turbines, somewhere in the middle of the US. No authentication. It was a monitoring dashboard and I didn't poke around, just closed it, but there were suspicious links/buttons on there to access the industrial controls, such as the PLC.
There are so many vectors: web browsing, phishing, thumb drives and phones brought in from the outside, pwnies, wireless, executives taking laptops home or even to China, spoofed OS updates, hardware infected as the point of manufacturing, and those are just some of the ones we know about. There is no real security.
It seems unlikely to me that you would (a) aim the gun at yourself while flying like he does at the beginning and (b) test it out so close to yourself without being behind some kind of a safety shield. I'd bet it's bogus.
I know so many people who just eat that shit up. Basically it tells (some) people what they want to hear: "here's a very simple trick you can use to win while everyone else loses."
I once priced the difference between cattle-class and business-class travel on a round trip from Toronto to South Africa (definitely a long multi-leg trip and interested in having a bit of extra leg room). The economy ticket was about $6000 and the business-class ticket was $21,000. I really don't see how having *maybe* twice as much area on the floor accounts for 3.5 times the price, no matter how many free drinks you want to throw in.
If the code they based their changes on was GPL'd and they never distributed it, then the GPL's share-alike clause doesn't kick in. Assuming he did the work for-hire and it was for internal purposes only, then the changes are still copyright Goldman Sachs and the programmer does *not* have the right to copy them to share with anyone else. In fact they can legitimately do anything they want with the GPL'd code including stripping out the headers as long as they never distribute it. Saying it's copyright Goldman Sachs is dubious but of almost zero importance if the code is kept internal.
I thought we just called those people Browncoats.
As an electronics technician i have to ask:' How do you troubleshoot/find faults in those systems without power applied?
First of all, it's only control power that's off (sensors are always on). Measuring a voltage is one thing, but if you need to replace a motor, you have to lock out the energy. Secondly, the electrical devices that do the controlling are usually located in electrical panels accessible from outside the guarding. Third the cell is normally designed so you can see pretty well what's going on from outside (the guarding is typically something you can see through like lexan or square mesh painted black).
I can't believe I heard about this story on the radio this morning, with the radio hosts likening it to the movie Terminator. I work in industrial automation and let me assure you that these industrial robots have absolutely nothing even remotely approaching "AI". An industrial robot is no more than a multi-axis motion control system with some fancy co-ordinate transformation math on top of it. The programs are as simple as "wait for this input, then move to this point, turn on this output, wait for this input", etc.
When we're starting up any industrial automation workcell (whether it as a robot or not), the cell design has to be certified (stamped by a professional engineer in our jurisdiction) that the safety system meets appropriate regulations and is built with certified components, all of which are specified to specific safety requirements based on hazard, etc.
The thing is, those regulations are there to protect factory workers and people interacting with the cell in normal operations. If you take any machine apart using a wrench, you're supposed to be properly trained in how to lock out all sources of energy in the machine. That said, when you're programming the cell, you're allowed to be inside the cell and power up the robot using a teach pendant with a special enabling switch you have to hold down. This requires you to put the robot in a special teach mode which also limits the robot speed to less than 250 mm/s. If the cell was built correctly, the interlock switches on the gates have to be wired into the gate inputs on the robot, and when you open the guarding, the robot can only be energized while in teach mode with the teach pendant enabled.
The system isn't fool proof. We all know impatient people. Maybe the person programming the robot didn't check that the gate switches were wired in properly, or maybe he asked his buddy to close the gate behind him and press the reset button because he wanted to see what was going on (something I've seen several people do, and have always chastised them for). Maybe the guarding wasn't completely installed yet. Maybe he mistakenly put it in "Teach 2" mode which allows full speed operation with the teach pendant enabled. This mode is generally illegal in the United States, but some jurisdictions do allow it as long as you take other safeguards, like striping out a dedicated area on the floor where the robot can't reach where you're allowed to stand.
That's why this is most certainly human error. The question is, who is liable? Did a manager pressure the guy to continue programming the robot even though proper safeguards weren't in place? Did he just get impatient and ignore his own safety training? I see lots of people do that, and I also see lots of people with missing fingers - go figure.
Presumably your card # and other information were stolen manually or via an online transaction. The article is specifically mentioning going after the data from the mag stripe. I have presumed, but don't know enough about it, that the chipped cards encrypt the verification between the card and the bank, so the vendor doesn't ever have that info, and thus any malware running on their POS terminal can't access it either. That doesn't stop your waiter from writing down your card details of course... it's just a matter of degree.
Data most targeted: In 31 percent of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that’s needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013) meaning attackers shifted their focus back to payment card data.
I assume this is mostly because the US still doesn't have chipped credit cards, or has that changed since a year or so ago when I was there? I thought the magstripe was going away.
No, I'm saying if there was a STEM shortage, then these people would all be able to find better jobs, and the game companies would have to pay better and provide better working conditions.
There's no STEM shortage, just a shortage of people willing to work 80 hours per week for under $50k per year.
I think the GP's point is obvious. When you see/read the Hunger Games, your first reaction is disbelief that this could happen, and then it hits you that it did happen (Rome, etc.). I think that was one of the major points of the book: same old human cruelty in a different setting.
Nothing you do in school, no project, certainly not a "keystone project", can come anywhere close to the complexity of a real-life engineering, IT, or software project. All of the things like best practices and methodology you were learning in school were methods for managing complexity, and yet they could never actually show you real complexity like you're going to see in the workforce.
There's a lot of talk about the fact that this would mean tracking everywhere you went. Why not just track miles driven by your odometer? I don't know about Oregon, but here you report your odometer reading when you pay for your license plate. You could just also pay the estimated tax (you already tell your insurance company how far you're probably going to drive) when you license your vehicle, and then pay/receive the difference when you re-register it next year, plus when you sell it. Seems a lot simpler and less expensive than a GPS tracker.
Also, seems like there should be a per-distance tax for roads, plus a gas consumption tax just to cover the increased societal costs of using gas. Use the gas tax to build out charging stations.
Yeah, no kidding. My wife wanted one for Christmas, so she got one (not from me). Thankfully it's a Keurig 1.0. I insisted on finding one of the good re-usable stainless steel filters and I just put regular ground coffee in it. Works great for me. She only cares about the convenience, and won't use the re-usable one. It's sad to me, but it's her choice. Honestly, how people can think throwing out all these plastic k-cups are a great idea is beyond me.