You're thinking like a techie, not an average person with better things to do with their time. What's easier... doing all the BS you just said, or just voting the way your boss/church/union wants, taking a picture, and making them happy so you raise your standing in that organization? If you think this problem will have no effect, I don't think you understand average people.
Yes, in fact that's the only way you could make a trustworthy system. Sure, make it count electronically, but audit a random 3% of the polls by manually counting the receipts, and also audit any where the results don't match the exit polls, etc.
It's not that posting the picture should be illegal, it's that you shouldn't be allowed in to vote if you're taking in some way of proving how you voted. I know that's a bit heavy handed, but any other way allows an employer or abusive spouse, etc., to force you to prove to them how you voted. At least this way you can say "they won't let me in."
The good ideas are doing it the way you describe, but there was a TED talk by a guy who was pushing a voting system where you got a receipt and you could log in and check that it was counted. I can't remember if you could check which way you voted, but I think so.
Eventually other countries will have drone capability, and will be flying them over US soil. It's important that we develop the technology to do it safely.;)
That's because US new organizations are only interested in profit. Those things make viewers yell at them, stomp around with signs in front of their building calling for a boycott, etc. It's bad for business, so they don't do it. On the other hand, sensationalism sells, so that's what they print.
There was an interview in the latest issue of Make Magazine with one of the creators of the Arduino. He said he's been trying to teach fundamentals of electronics to students (ohm's law, etc.) and they just weren't getting it, and he realized that wasn't how he learned it. He'd just started building stuff with the tools available, and when something didn't work, he was motivated to dig deeper and figure out why. He helped create the Arduino to be an easy way to get a light blinking without really having to know everything about how it worked, and then as you wanted to do more, you had to figure it out. The Arduino seems to be very successful with this strategy. That seems to fly completely in the face of your theory.
That same PLC has to work in tiny little job shops where the only support is a local electrician, and they're perfectly capable of going online with said PLC, adding a new sensor they need to stop the machine when the new hopper they installed is full, and going on their merry way. In that kind of situation it's likely the PLC isn't hooked up to a network anyway. Besides, you underestimate the ability of an "electrician" who needs to get a job done. Trust me, there are much more serious ways for an electrician to screw things up than making a mistake with a PLC. In fact PLCs are designed to be understood and programmed by electricians. That's why most are programmed in ladder logic.
I'm a P.Eng. I work in the control system industry. Most of the people who work in this industry are P.Eng.'s or certainly have an Engineering degree. Most of the ones I've met know *nothing* about computer security. These Engineers are the ones plugging PLCs directly into office networks because they're EE's. They have little to no training in computer networks (short of setting up their home routers). They have no idea what a VLAN is. They have heard the term firewall but don't really know what one does. Usually it's also EE's who are the ones writing the software (like CoDeSys) that runs on these devices (because it's embedded software and it helps to have lots of good hardware knowledge).
The only reason I know something about computer security is because I'm very interested in it, and I really think we, as an industry, need to know this stuff. Unfortunately nobody else seems to agree with me.
At any rate, we *are* professionals. I pay hundreds of dollars per year to maintain my P.Eng. license. I had to write law and ethics exams to get my license. I can lose my license if I don't follow industry best practices. Unfortunately the best practices *in our industry* for this kind of thing are completely inadequate. In fact, none of the stuff we're talking about here actually requires a P.Eng. to stamp the design. Sure, the *safety* system has to be stamped by a P.Eng., but anybody can plug network switches together. So no, requiring control system guys to be licensed won't help... many already are. You need to educate the professional organizations and standards organizations, and have them change the regulations.
Certainly the GP isn't talking about physical security, or even trying to use cybersecurity as a replacement for physical security. If there's a malicious guy standing beside your control panel, good luck. However, the fact is more and more industrial control systems, are connected directly to the corporate network. Even if they're not on the same network, you almost certainly need some kind of MES system with access to both networks, so you have a single point of failure there. Even without that you have laptops with the programming software. You need to copy EDS files onto those from the vendor's site, you need to "activate" the programming software by connecting it to the internet, so you're constantly moving it between both networks. That's another major security hole.
Plus, numerous times I've been required to logon to these systems to do support remotely, even when they were in different countries. I even went online with a line CompactLogix PLC across the internet for troubleshooting because the customer requested it. Management stood behind me (literally) oooh'ing and ah'ing about how cool it was that it could be done, thinking they were brilliant for coming up with the idea to save a trip onsite. Think about that situation... if the customer's laptop was directly connected to the industrial network and they were connected to a Webex meeting from that laptop, and giving control of their desktop to my PC, exactly how did they do that if their industrial and corporate networks are actually "air gapped"? They're not the only customer doing this either.
Except for the obvious problem that we can't grow trees at the rate that we want to consume them, and we don't have a good way to turn trees into liquid petrol anyway (do you want to run your car on firewood?). Ethanol from corn is closer, but not a good solution due to the energy it requires to make it. The switchgrass thing seems better (less energy required) but hasn't seemed to make headway yet. Why not take the same process plants are using and speed it up by several orders of magnitude (if we can)?
To be fair, gasoline has a decent energy density and there's a lot of legacy equipment that runs on it. If you convert sunlight + CO2 + H20 into gasoline, and burn it, at least that's better than digging it out of the ground, refining it, and releasing more CO2 into the atmosphere.
Actually the benefit of wireless is absolutely obvious: you can monitor battery levels, even update firmware in the event of a serious bug, without doing surgery, and without having wires protruding through the skin (which is itself a major infection risk).
That wasn't really a fair article. If you read it carefully, it was her publisher that went after the people sharing the book on the internet, not her. Why should she care anyway, she's presumably already been paid by the publisher, probably gets very little "per book sold", and the free publicity is worth more to her than the royalties. For all we know, it could have been her sharing copies for free.
Ok, so in the bitcoin model, everybody has everybody's data. How is this better? The problem they're trying to solve is to allow you to control who has access to your data.
Which is dumb anyway. If you put it on the internet, you shouldn't be trying to keep it private.
Actually if you follow what's being going on with Arduino and 3D printers, etc., what we used to call "hackers" are now calling themselves "makers," as in people who "make" things. I think a more accurate title would be "maker/modder" to cover people who are modifying existing products to give them new functionality. Interestingly these people tend to congregate in "hackerspaces" so it's all a mix of words.
Existing industrial robots have collision detection, but more for running into big heavy things like machines, not squishy things like people. The fact is that an industrial robot can move *really* fast, and the Baxter robot in this video moves *really* slow. So if an industrial robot cell is about 6 times more expensive, but it can do 10 times the throughput (I think that's conservative from what I saw in that video) then you'd go with the traditional industrial robot in a cage.
Where Baxter might shine is in some kind of job shop where they do contract work to stamp out 10,000 widgets for some customer, and they're constantly reconfiguring their production line. People are always more flexible, but in this case, you now have a robot that's much easier to change, and it's cheap, but it actually moves slower than a human.
There is one very, very critical thing missing: You have zero control over the state that manifests itself synchronously. Completely unusable for anything except a stunt.
Oh, I don't know... seems to me that's a great way to generate private encryption keys at 2 different locations without having to worry about anyone capturing those keys in transit.
Not exactly. An automatic transmission is a *requirement* for some drivers, so there is no upgrade/downgrade about it. For someone who is good at (and enjoys) driving stick, manual->automatic is not an upgrade. For instance, an electric->gas stove isn't an upgrade for my parents because they don't have a gas connection at their house.
Slashdot Mirror
You're thinking like a techie, not an average person with better things to do with their time. What's easier... doing all the BS you just said, or just voting the way your boss/church/union wants, taking a picture, and making them happy so you raise your standing in that organization? If you think this problem will have no effect, I don't think you understand average people.
Yes, in fact that's the only way you could make a trustworthy system. Sure, make it count electronically, but audit a random 3% of the polls by manually counting the receipts, and also audit any where the results don't match the exit polls, etc.
It's not that posting the picture should be illegal, it's that you shouldn't be allowed in to vote if you're taking in some way of proving how you voted. I know that's a bit heavy handed, but any other way allows an employer or abusive spouse, etc., to force you to prove to them how you voted. At least this way you can say "they won't let me in."
The good ideas are doing it the way you describe, but there was a TED talk by a guy who was pushing a voting system where you got a receipt and you could log in and check that it was counted. I can't remember if you could check which way you voted, but I think so.
Eventually other countries will have drone capability, and will be flying them over US soil. It's important that we develop the technology to do it safely. ;)
That's because US new organizations are only interested in profit. Those things make viewers yell at them, stomp around with signs in front of their building calling for a boycott, etc. It's bad for business, so they don't do it. On the other hand, sensationalism sells, so that's what they print.
There was an interview in the latest issue of Make Magazine with one of the creators of the Arduino. He said he's been trying to teach fundamentals of electronics to students (ohm's law, etc.) and they just weren't getting it, and he realized that wasn't how he learned it. He'd just started building stuff with the tools available, and when something didn't work, he was motivated to dig deeper and figure out why. He helped create the Arduino to be an easy way to get a light blinking without really having to know everything about how it worked, and then as you wanted to do more, you had to figure it out. The Arduino seems to be very successful with this strategy. That seems to fly completely in the face of your theory.
That same PLC has to work in tiny little job shops where the only support is a local electrician, and they're perfectly capable of going online with said PLC, adding a new sensor they need to stop the machine when the new hopper they installed is full, and going on their merry way. In that kind of situation it's likely the PLC isn't hooked up to a network anyway. Besides, you underestimate the ability of an "electrician" who needs to get a job done. Trust me, there are much more serious ways for an electrician to screw things up than making a mistake with a PLC. In fact PLCs are designed to be understood and programmed by electricians. That's why most are programmed in ladder logic.
Mod parent up... they hit the nail on the head.
I'm a P.Eng. I work in the control system industry. Most of the people who work in this industry are P.Eng.'s or certainly have an Engineering degree. Most of the ones I've met know *nothing* about computer security. These Engineers are the ones plugging PLCs directly into office networks because they're EE's. They have little to no training in computer networks (short of setting up their home routers). They have no idea what a VLAN is. They have heard the term firewall but don't really know what one does. Usually it's also EE's who are the ones writing the software (like CoDeSys) that runs on these devices (because it's embedded software and it helps to have lots of good hardware knowledge).
The only reason I know something about computer security is because I'm very interested in it, and I really think we, as an industry, need to know this stuff. Unfortunately nobody else seems to agree with me.
At any rate, we *are* professionals. I pay hundreds of dollars per year to maintain my P.Eng. license. I had to write law and ethics exams to get my license. I can lose my license if I don't follow industry best practices. Unfortunately the best practices *in our industry* for this kind of thing are completely inadequate. In fact, none of the stuff we're talking about here actually requires a P.Eng. to stamp the design. Sure, the *safety* system has to be stamped by a P.Eng., but anybody can plug network switches together. So no, requiring control system guys to be licensed won't help... many already are. You need to educate the professional organizations and standards organizations, and have them change the regulations.
Certainly the GP isn't talking about physical security, or even trying to use cybersecurity as a replacement for physical security. If there's a malicious guy standing beside your control panel, good luck. However, the fact is more and more industrial control systems, are connected directly to the corporate network. Even if they're not on the same network, you almost certainly need some kind of MES system with access to both networks, so you have a single point of failure there. Even without that you have laptops with the programming software. You need to copy EDS files onto those from the vendor's site, you need to "activate" the programming software by connecting it to the internet, so you're constantly moving it between both networks. That's another major security hole.
Plus, numerous times I've been required to logon to these systems to do support remotely, even when they were in different countries. I even went online with a line CompactLogix PLC across the internet for troubleshooting because the customer requested it. Management stood behind me (literally) oooh'ing and ah'ing about how cool it was that it could be done, thinking they were brilliant for coming up with the idea to save a trip onsite. Think about that situation... if the customer's laptop was directly connected to the industrial network and they were connected to a Webex meeting from that laptop, and giving control of their desktop to my PC, exactly how did they do that if their industrial and corporate networks are actually "air gapped"? They're not the only customer doing this either.
What are you smoking? Have you seen people lately? It's a *fashion accessory*! Girls who know nothing about technology get a new one every 8 months!
So that means there's not really any story then?
Except for the obvious problem that we can't grow trees at the rate that we want to consume them, and we don't have a good way to turn trees into liquid petrol anyway (do you want to run your car on firewood?). Ethanol from corn is closer, but not a good solution due to the energy it requires to make it. The switchgrass thing seems better (less energy required) but hasn't seemed to make headway yet. Why not take the same process plants are using and speed it up by several orders of magnitude (if we can)?
To be fair, gasoline has a decent energy density and there's a lot of legacy equipment that runs on it. If you convert sunlight + CO2 + H20 into gasoline, and burn it, at least that's better than digging it out of the ground, refining it, and releasing more CO2 into the atmosphere.
Actually the benefit of wireless is absolutely obvious: you can monitor battery levels, even update firmware in the event of a serious bug, without doing surgery, and without having wires protruding through the skin (which is itself a major infection risk).
That wasn't really a fair article. If you read it carefully, it was her publisher that went after the people sharing the book on the internet, not her. Why should she care anyway, she's presumably already been paid by the publisher, probably gets very little "per book sold", and the free publicity is worth more to her than the royalties. For all we know, it could have been her sharing copies for free.
Ok, so in the bitcoin model, everybody has everybody's data. How is this better? The problem they're trying to solve is to allow you to control who has access to your data.
Which is dumb anyway. If you put it on the internet, you shouldn't be trying to keep it private.
Someone's been watching Primer.
Actually if you follow what's being going on with Arduino and 3D printers, etc., what we used to call "hackers" are now calling themselves "makers," as in people who "make" things. I think a more accurate title would be "maker/modder" to cover people who are modifying existing products to give them new functionality. Interestingly these people tend to congregate in "hackerspaces" so it's all a mix of words.
Existing industrial robots have collision detection, but more for running into big heavy things like machines, not squishy things like people. The fact is that an industrial robot can move *really* fast, and the Baxter robot in this video moves *really* slow. So if an industrial robot cell is about 6 times more expensive, but it can do 10 times the throughput (I think that's conservative from what I saw in that video) then you'd go with the traditional industrial robot in a cage.
Where Baxter might shine is in some kind of job shop where they do contract work to stamp out 10,000 widgets for some customer, and they're constantly reconfiguring their production line. People are always more flexible, but in this case, you now have a robot that's much easier to change, and it's cheap, but it actually moves slower than a human.
Probably to make it corrosion resistant. Latinum may be volatile if exposed to air.
There is one very, very critical thing missing: You have zero control over the state that manifests itself synchronously. Completely unusable for anything except a stunt.
Oh, I don't know... seems to me that's a great way to generate private encryption keys at 2 different locations without having to worry about anyone capturing those keys in transit.
Not exactly. An automatic transmission is a *requirement* for some drivers, so there is no upgrade/downgrade about it. For someone who is good at (and enjoys) driving stick, manual->automatic is not an upgrade. For instance, an electric->gas stove isn't an upgrade for my parents because they don't have a gas connection at their house.
Just think how well you would've done if you *hadn't* been a pothead all these years!