I once observed a low threshold LED (has a much less than 1.4V on-voltage) that was only attached by one lead, with the other lead hanging freely in space. The LED was quite clearly "on". When you put your finger closer to the free hanging lead (but not touch) it got brighter. It was just acting as an antenna in a room with lots of EM radiation around, and the induced current was enough to light it up.
Who goes around thinking email is private? It goes across public networks in plain text. If you check your email at your significant other's house, everything you see goes through a network device controlled by them.
In order to do this, they're either evaluating the code on the client to determine if you won a badge or not, which makes it extremely "hackable" (i.e. anyone can hack the client to make it send the signal that they've won a badge), or, even worse, it's sending all of your code to Microsoft for evaluation. I'm not sure your employer would approve of your IDE transmitting all their proprietary code to Microsoft.
One of the things that one of my teachers said to me in primary school was: "never compare yourself to the worst, or you'll always sink to their level. Always compare yourself to the best." That's good advice here. If you just keep patting yourself on the back for how great you think you are, you'll never get better, and you'll be less competitive.
It's easier to just take money out of the equation. How do you do that? Just make it so that house and senate votes use a secret ballot, just like the way we vote for our representatives. If they can't prove how they voted, then trying to buy their votes is pointless. The only incentive left to them will be to vote the way they *personally* think would be the best. For most of us, that's along our ideals. Sure you wouldn't be able to check up on how your representative voted, but that feature clearly isn't solving the problem anyway.
Canada always gets left out of (or ripped off by) these buffet style streaming services (be it music, movies, or whatever) because no one wants to go through the hassle of negotiating licensing fees for such a small market.
I thought you guys were already the clear by paying a small tax on your CD-R disks?
I was reading somewhere that someone with a similar problem implemented a 5 minute delay before he could connect to the internet. The delay filtered out the times he went online just for procrastination, or just "because it was there". I find a lot of times I open a browser because I'm waiting for some long-running process (like 25 seconds) and my mind wanders. Even if I had a 60 second delay, I'd probably do that a lot less.
Similarly, Paul Graham said he uses two computers - one for coding and one that sits across the room connected to the internet. He has to physically get up and move to go online, so it has to be worth doing it. That's enough to block out the procrastination type stuff. More Reading.
From my understanding of the design, this isn't electronic at all. It's mechanical. Its design uses bronze age components so it can be repaired and maintained.
I've been contracting on Industrial Control systems for over 10 years. I've never ever seen what you're talking about. However, there are certain *industries* that I haven't worked in where that might be the case. However, I have worked on a machine in the pharma industry, but even though they had much more stringent testing procedures, they still (a) didn't review every line of code and (b) hadn't caught a very serious bug that I found in the code when I was making some changes. In fact, I'm a P.Eng. (very serious chap), and I've never had to put my stamp on anything in this industry.
Now, there is a subset of Industrial Controls broadly labelled as Safety Systems. These are the parts of the machine that ensure that an operator can't be harmed (it affects how you guard the machine, physical access control, etc.). There are lots of regulations, audits, etc., and you definitely need a P.Eng. involved for that, depending on your geographic location of course. However, that only has to do with controlling potential energy (so, if an operator wants to open an access door, and there's a spinning component, you might need a zero speed sensor interlocked with the door to prevent them from opening it until it's verified that it's stopped, and that has to be a really expensive device that's proven that any single component failure will be detected, and won't allow the door to be opened. That is, however, nothing to do with the computer security we're talking about.
I should note, modern Safety Systems are available that are software-based and therefore vulnerable to computer security vulnerabilities. They are, at least, required to be locked with a password once the system has been built and signed-off, and you're supposed to have to enter the password to change it, but that doesn't mean the authentication system doesn't have any security holes in it. I highly doubt that part is being audited.
If you're talking about Stuxnet, it was designed to transmit over USB drives. Plus, even though the machines don't necessarily have ethernet ports, you usually program them from an IDE on a laptop communicating over a serial or other proprietary network, and that laptop moves from machine to machine, and even from plant to plant if you're hiring contractors.
I've been in dozens of plants. The answer is... all of them, except the ones where they don't even have the know-how to setup a wireless router at home. Every single decent-sized plant I've visited has most of their industrial automation equipment connected to their computer network. Now, some are more sophisticated than others. Some separate plant-floor from office networks with VLANs. Some actually have physically separate networks, though almost every time I've suggested that, the IT guys demand everything be separated with VLANs (there's too much hassle to maintain two physical networks, especially when you generally have one drop from each at most shop-floor locations). These industrial automation devices collection production data. That data has to be moved up to MES, and then to ERP systems for reporting. People connect to the ERP from their office PCs. They also need Google. There has to be a connection.
If you *don't* connect them, and your competitors do, then you'll be less efficient and you'll go out of business. That's the unfortunate reality of what's going on. If we want security, it will have to be mandated by laws and audited by 3rd parties. Otherwise there's no incentive to do it, particularly if you're already worried about being in business next quarter.
Sigh. This is wrong. Yes, they should be kept on separate VLANs, etc., but at some point someone always needs to get software updates or engineering changes on to the machines, which means you're connecting *some* kind of laptop, thumbdrive, or whatever, from an outside source that has likely been connected to a network that has a connection to the public internet. If you keep the control system isolated, then keeping operating system and anti-virus software up-to-date is just that much harder, which means they'll be susceptible to even older malware.
The recommended policy, at the moment, is to keep control system equipment on a separate VLAN (it still usually needs to be on a network for data acquisition, etc.), then make sure every box in the place has up-to-date OS updates and anti-virus. Industrial automation vendors are only now coming around to help out. Until very recently they used to *void the warranty* if you install anti-virus on the same computer as the software (Rockwell, for instance, used to do this with their RSSQL product, which was a PC-based product that reads data out of their PLCs and writes it to SQL databases, and vice-versa. The RSSQL server is typically a Windows 2003 Server box, and it obviously has a connection to a SQL Server that's connected to the front office for reporting use.).
Stuxnet proved malware can easily just propagate over USB thumbdrives. In fact, we recently installed a metal cutting machine in our facility where the operating system was Windows XP Embedded (very common) and the machine came with a thumbdrive used to transfer work instructions back and forth between it and a CAD workstation. The thumbdrive had a virus on it and was picked up when we inserted it into the CAD workstation! This was a brand new machine from the manufacturer. It was not networked. It obviously didn't have anti-virus.
While PLCs have always enjoyed relative protection because they're usually proprietary hardware and software, Stuxnet proved they're not safe, and also we're seeing most architectures move towards commercial main-stream OS's. One really big player in industrial automation is Beckhoff - their flagship product is called TwinCAT PLC, which is a PC-based PLC. You install a regular Windows XP PC, install TwinCAT, and it installs its own real-time OS underneath Windows to run the control software, and the Windows part runs the programming software and the HMI (Gui). By using commodity hardware, they have a much lower price point, so this is becoming more popular.
SCADA systems are normally PC-based anyway, which is why you see a lot of security stuff about SCADA. I'm just saying PLCs are catching up. And none of the protocols that any of these systems use seem to have any kind of authentication built-in. If you know the protocol (most are open, particularly if you pay a membership fee to the vendor association), then you can connect to any device and tell it to change memory register XYZ to 5, and it will gladly comply. Chances are you'll crash it, but if you have a copy of the software it's running, then you can easily make it do whatever you want (or even upload a new modified program).
Nowhere does it say that we have a right to an internet without objectionable material. If some company wants to provide this as a (paid) service, more power to them.
SCADA networks are usually on a completely separate domain from the corporate network. It'll be behind two sets of firewalls controlled by anal retentive engineers
Thanks for making me snort my coffee.
Two problems: a Siemens S7 PLC is a PLC, not a SCADA system. They are extremely different things. It's like confusing a toaster and a kitchen. Everyone seems to miss this. Problem two: while up until a few years ago, PLC's didn't have network connectivity, so they couldn't be connected to ethernet (they now are routinely), SCADA systems are almost all ethernet capable, and in my experience, they are rarely even put on a separate VLAN, much less behind a firewall.
Besides, Stuxnet was designed to transmit via USB thumbdrives and laptops which are used by everyone in industrial control systems. In my experience, control systems are the least secure systems on the planet, which is scary because they control stuff in the real world!
If you want to follow the (very sad) security state of industrial control systems, follow ICS-CERT.
A Segway is inherently unstable. It's just the inverted pendulum control problem. In this case, there will be an onboard computer doing the stabilization. That's well within our capabilities.
I live in Canada and we had TiVo from around the end of 2006 until just last year. The TiVo service (using Rogers Cable) was excellent, and we feel we've been very spoiled. By the way, the price was no different for us than for US TiVo customers.
Unfortunately, HD threw everything out the window. The Series 2 TiVo's worked by having two analog tuners, which allowed it to tune 2 channels at once, and it could also control your digital cable box if it needed to tune something on a digital channel. In general it worked very well. However, once we got a new HDTV we either had to stick with analog SD cable, or get rid of the TiVo.
You see, HDTV over cable is digital, so you need a decoder. In the US, they have something called CableCard technology. The decoder keys are stored in the card, and you can plug the card (which you get from the cable company) into anyone's decoder. Some US TV's have decoders and you don't even need a box, just the card. This technology allowed TiVo to come out with an HD PVR that accepted a CableCard input.
In Canada, Rogers never adopted CableCard technology. You must rent an HD-capable decoder from them. So we can't use the HD TiVos in Canada.
When you get into the technical details, it's kind of interesting. Since digital decoders can only decode one channel at a time, most HD PVRs just record the encoded HD signal directly to the hard disk. That allows them to "record" more than one show at a time. You only need the decoder in order to play it back. Using CableCard, the TiVo can control the decoder, and can send the recorded signal to it for playback, but if it doesn't control the decoder, it could effectively only record one show at a time. This is complicated by the fact that it in that case it couldn't record the decoded digital signal because the signal in the HDMI cable is encrypted too. So, they'd have to record some component output or something.
Ultimately I see why TiVo made the decision they did, but it left us without HD TiVo in Canada. That made us sad. The Rogers Cable PVR is really, really terrible in comparison.
Yeah, it gets old pretty fast. My wife doesn't put makeup on in the morning for me, but rather because she's going to work. And she doesn't do all that for the men at work, she does it because the other women are judgmental and you'd be inviting gossip if you did anything out of place. So it gets a little old listening to women complain about having to play by the rules that they are the ones enforcing.
On the up-side at least we get to watch. There's entertainment value in it.
Slashdot Mirror
I once observed a low threshold LED (has a much less than 1.4V on-voltage) that was only attached by one lead, with the other lead hanging freely in space. The LED was quite clearly "on". When you put your finger closer to the free hanging lead (but not touch) it got brighter. It was just acting as an antenna in a room with lots of EM radiation around, and the induced current was enough to light it up.
Who goes around thinking email is private? It goes across public networks in plain text. If you check your email at your significant other's house, everything you see goes through a network device controlled by them.
In order to do this, they're either evaluating the code on the client to determine if you won a badge or not, which makes it extremely "hackable" (i.e. anyone can hack the client to make it send the signal that they've won a badge), or, even worse, it's sending all of your code to Microsoft for evaluation. I'm not sure your employer would approve of your IDE transmitting all their proprietary code to Microsoft.
One of the things that one of my teachers said to me in primary school was: "never compare yourself to the worst, or you'll always sink to their level. Always compare yourself to the best." That's good advice here. If you just keep patting yourself on the back for how great you think you are, you'll never get better, and you'll be less competitive.
It's easier to just take money out of the equation. How do you do that? Just make it so that house and senate votes use a secret ballot, just like the way we vote for our representatives. If they can't prove how they voted, then trying to buy their votes is pointless. The only incentive left to them will be to vote the way they *personally* think would be the best. For most of us, that's along our ideals. Sure you wouldn't be able to check up on how your representative voted, but that feature clearly isn't solving the problem anyway.
Canada always gets left out of (or ripped off by) these buffet style streaming services (be it music, movies, or whatever) because no one wants to go through the hassle of negotiating licensing fees for such a small market.
I thought you guys were already the clear by paying a small tax on your CD-R disks?
That's only for music, not video/movies/TV shows.
I was reading somewhere that someone with a similar problem implemented a 5 minute delay before he could connect to the internet. The delay filtered out the times he went online just for procrastination, or just "because it was there". I find a lot of times I open a browser because I'm waiting for some long-running process (like 25 seconds) and my mind wanders. Even if I had a 60 second delay, I'd probably do that a lot less.
Similarly, Paul Graham said he uses two computers - one for coding and one that sits across the room connected to the internet. He has to physically get up and move to go online, so it has to be worth doing it. That's enough to block out the procrastination type stuff. More Reading.
You could call Mt. Rushmore and Crazyhorse both useless, but they do serve a purpose.
From my understanding of the design, this isn't electronic at all. It's mechanical. Its design uses bronze age components so it can be repaired and maintained.
Maybe someone's already aiming on seasonally at California? ;)
I've been contracting on Industrial Control systems for over 10 years. I've never ever seen what you're talking about. However, there are certain *industries* that I haven't worked in where that might be the case. However, I have worked on a machine in the pharma industry, but even though they had much more stringent testing procedures, they still (a) didn't review every line of code and (b) hadn't caught a very serious bug that I found in the code when I was making some changes. In fact, I'm a P.Eng. (very serious chap), and I've never had to put my stamp on anything in this industry.
Now, there is a subset of Industrial Controls broadly labelled as Safety Systems. These are the parts of the machine that ensure that an operator can't be harmed (it affects how you guard the machine, physical access control, etc.). There are lots of regulations, audits, etc., and you definitely need a P.Eng. involved for that, depending on your geographic location of course. However, that only has to do with controlling potential energy (so, if an operator wants to open an access door, and there's a spinning component, you might need a zero speed sensor interlocked with the door to prevent them from opening it until it's verified that it's stopped, and that has to be a really expensive device that's proven that any single component failure will be detected, and won't allow the door to be opened. That is, however, nothing to do with the computer security we're talking about.
I should note, modern Safety Systems are available that are software-based and therefore vulnerable to computer security vulnerabilities. They are, at least, required to be locked with a password once the system has been built and signed-off, and you're supposed to have to enter the password to change it, but that doesn't mean the authentication system doesn't have any security holes in it. I highly doubt that part is being audited.
If you're talking about Stuxnet, it was designed to transmit over USB drives. Plus, even though the machines don't necessarily have ethernet ports, you usually program them from an IDE on a laptop communicating over a serial or other proprietary network, and that laptop moves from machine to machine, and even from plant to plant if you're hiring contractors.
I've been in dozens of plants. The answer is... all of them, except the ones where they don't even have the know-how to setup a wireless router at home. Every single decent-sized plant I've visited has most of their industrial automation equipment connected to their computer network. Now, some are more sophisticated than others. Some separate plant-floor from office networks with VLANs. Some actually have physically separate networks, though almost every time I've suggested that, the IT guys demand everything be separated with VLANs (there's too much hassle to maintain two physical networks, especially when you generally have one drop from each at most shop-floor locations). These industrial automation devices collection production data. That data has to be moved up to MES, and then to ERP systems for reporting. People connect to the ERP from their office PCs. They also need Google. There has to be a connection.
If you *don't* connect them, and your competitors do, then you'll be less efficient and you'll go out of business. That's the unfortunate reality of what's going on. If we want security, it will have to be mandated by laws and audited by 3rd parties. Otherwise there's no incentive to do it, particularly if you're already worried about being in business next quarter.
Sigh. This is wrong. Yes, they should be kept on separate VLANs, etc., but at some point someone always needs to get software updates or engineering changes on to the machines, which means you're connecting *some* kind of laptop, thumbdrive, or whatever, from an outside source that has likely been connected to a network that has a connection to the public internet. If you keep the control system isolated, then keeping operating system and anti-virus software up-to-date is just that much harder, which means they'll be susceptible to even older malware. The recommended policy, at the moment, is to keep control system equipment on a separate VLAN (it still usually needs to be on a network for data acquisition, etc.), then make sure every box in the place has up-to-date OS updates and anti-virus. Industrial automation vendors are only now coming around to help out. Until very recently they used to *void the warranty* if you install anti-virus on the same computer as the software (Rockwell, for instance, used to do this with their RSSQL product, which was a PC-based product that reads data out of their PLCs and writes it to SQL databases, and vice-versa. The RSSQL server is typically a Windows 2003 Server box, and it obviously has a connection to a SQL Server that's connected to the front office for reporting use.). Stuxnet proved malware can easily just propagate over USB thumbdrives. In fact, we recently installed a metal cutting machine in our facility where the operating system was Windows XP Embedded (very common) and the machine came with a thumbdrive used to transfer work instructions back and forth between it and a CAD workstation. The thumbdrive had a virus on it and was picked up when we inserted it into the CAD workstation! This was a brand new machine from the manufacturer. It was not networked. It obviously didn't have anti-virus. While PLCs have always enjoyed relative protection because they're usually proprietary hardware and software, Stuxnet proved they're not safe, and also we're seeing most architectures move towards commercial main-stream OS's. One really big player in industrial automation is Beckhoff - their flagship product is called TwinCAT PLC, which is a PC-based PLC. You install a regular Windows XP PC, install TwinCAT, and it installs its own real-time OS underneath Windows to run the control software, and the Windows part runs the programming software and the HMI (Gui). By using commodity hardware, they have a much lower price point, so this is becoming more popular. SCADA systems are normally PC-based anyway, which is why you see a lot of security stuff about SCADA. I'm just saying PLCs are catching up. And none of the protocols that any of these systems use seem to have any kind of authentication built-in. If you know the protocol (most are open, particularly if you pay a membership fee to the vendor association), then you can connect to any device and tell it to change memory register XYZ to 5, and it will gladly comply. Chances are you'll crash it, but if you have a copy of the software it's running, then you can easily make it do whatever you want (or even upload a new modified program).
For goodness sake, please read the other comments above you. He probably has a Farnsworth Fusor.
Yes, one guy posing in a picture had a T-Shirt on that said "I'm here for the riot". I don't think he bought that after the riot started.
Nowhere does it say that we have a right to an internet without objectionable material. If some company wants to provide this as a (paid) service, more power to them.
SCADA networks are usually on a completely separate domain from the corporate network. It'll be behind two sets of firewalls controlled by anal retentive engineers
Thanks for making me snort my coffee. Two problems: a Siemens S7 PLC is a PLC, not a SCADA system. They are extremely different things. It's like confusing a toaster and a kitchen. Everyone seems to miss this. Problem two: while up until a few years ago, PLC's didn't have network connectivity, so they couldn't be connected to ethernet (they now are routinely), SCADA systems are almost all ethernet capable, and in my experience, they are rarely even put on a separate VLAN, much less behind a firewall. Besides, Stuxnet was designed to transmit via USB thumbdrives and laptops which are used by everyone in industrial control systems. In my experience, control systems are the least secure systems on the planet, which is scary because they control stuff in the real world! If you want to follow the (very sad) security state of industrial control systems, follow ICS-CERT.
A Segway is inherently unstable. It's just the inverted pendulum control problem. In this case, there will be an onboard computer doing the stabilization. That's well within our capabilities.
For an example of object-oriented language that supports "units of measure" see F#.
I've seen stuff that alternates, but it doesn't alternate *every occurrence*! It usually alternates every chapter.
A time machine to buy? The iPad 1's are still on sale around here.
I live in Canada and we had TiVo from around the end of 2006 until just last year. The TiVo service (using Rogers Cable) was excellent, and we feel we've been very spoiled. By the way, the price was no different for us than for US TiVo customers. Unfortunately, HD threw everything out the window. The Series 2 TiVo's worked by having two analog tuners, which allowed it to tune 2 channels at once, and it could also control your digital cable box if it needed to tune something on a digital channel. In general it worked very well. However, once we got a new HDTV we either had to stick with analog SD cable, or get rid of the TiVo. You see, HDTV over cable is digital, so you need a decoder. In the US, they have something called CableCard technology. The decoder keys are stored in the card, and you can plug the card (which you get from the cable company) into anyone's decoder. Some US TV's have decoders and you don't even need a box, just the card. This technology allowed TiVo to come out with an HD PVR that accepted a CableCard input. In Canada, Rogers never adopted CableCard technology. You must rent an HD-capable decoder from them. So we can't use the HD TiVos in Canada. When you get into the technical details, it's kind of interesting. Since digital decoders can only decode one channel at a time, most HD PVRs just record the encoded HD signal directly to the hard disk. That allows them to "record" more than one show at a time. You only need the decoder in order to play it back. Using CableCard, the TiVo can control the decoder, and can send the recorded signal to it for playback, but if it doesn't control the decoder, it could effectively only record one show at a time. This is complicated by the fact that it in that case it couldn't record the decoded digital signal because the signal in the HDMI cable is encrypted too. So, they'd have to record some component output or something. Ultimately I see why TiVo made the decision they did, but it left us without HD TiVo in Canada. That made us sad. The Rogers Cable PVR is really, really terrible in comparison.
The fact that you have to point this out makes me sad and question our own intelligence.
Yeah, it gets old pretty fast. My wife doesn't put makeup on in the morning for me, but rather because she's going to work. And she doesn't do all that for the men at work, she does it because the other women are judgmental and you'd be inviting gossip if you did anything out of place. So it gets a little old listening to women complain about having to play by the rules that they are the ones enforcing. On the up-side at least we get to watch. There's entertainment value in it.