Slashdot Mirror


User: plover

plover's activity in the archive.

Stories
0
Comments
7,233

Comments · 7,233

  1. Re:Still continues to be an asshole on World's Worst PR Guy Gives His Side · · Score: 2

    At least we know he's honest at least this one time. "I'm sorry I got caught" is obviously true. "I'm sorry for being a hostile, juvenile dickweed who never learned English grammar, spelling, manners, customer service skills, the Golden Rule, or basic human communication skills" is expected, but is impossible to figure out if it's true or not.

  2. Re:Designed by complete morons on New WiFi Setup Flaw Allows Easy Router PIN Guessing · · Score: 1

    I have no idea how people this incompetent get to design widely used protocols.

    The guys who wrote WEP were willing to work for cheap.

  3. Re:Immune. I use Tomato Linux on my guest WIFI rou on New WiFi Setup Flaw Allows Easy Router PIN Guessing · · Score: 1

    Let me carry that vehicle analogy just one step further to the infrastructure level, and then you can answer some questions: Do you know how thick the class 5 limestone needs to be to support a four lane concrete freeway when building a road on a clay-silt base? What's the weight required for the tamping machine to ensure it's adequately packed down so the roadbed doesn't crack? How much reinforcing mesh do you have to put in the concrete, and how close to the road surface can it be? What is the proper spacing for expansion joints? What joint material works best if the road is subjected to salting in the winter for traction? If you don't know how to build your own road, you certainly don't know how to drive on one, so "GET THE HELL OUT from behind the steering wheel!"

    The argument may have had some merit in the past, before roads were regularly paved, and when driving through a puddle risked sinking the vehicle to the axles. But we've moved into the era where most people need to get on line just to function in society. They don't understand the infrastructure, they will never understand the infrastructure, but they still need the infrastructure, so they have to buy and install a router anyway. It's now the job of the infrastructure component providers to make the hardware and software work for these people who don't know what they're buying, or even why they have to buy one. If default router security is bad, it's now the fault of the router makers. If default switch security is bad, it's the fault of the switch makers.

    Like it or not, people who don't even know how they get on line are here to stay. We either have to deal with it, or create our own little anti-social darknet and hide out there, posting a "NO NEWBS ALLOWED" sign on the door, like it's the clubhouse for some very confused techno-Luddites.

  4. Re:Too much information? on New WiFi Setup Flaw Allows Easy Router PIN Guessing · · Score: 1

    0 BULLS, 1 COWS.

    Actually, it sounds like a lot of bulls...

  5. Maybe you don't want it on Justifications For Creating an IT Department? · · Score: 1

    Rather than rush to a separate IT department, try to more narrowly define the problem. I'm guessing you're seeing a difference between keeping the broadcasting equipment up and running; keeping the news, sales, and accounting department's PCs running; and keeping the stations' web sites on line. They're all seen by non-techies as "engineering" functions, so trying to create a distinction between "engineering" and "IT" probably won't go over well with management.

    Is there some inherent problem with keeping these people within the same pyramid? It doesn't sound like it, as many stations operate this way. Or are you really tackling a political issue, where the current head of engineering is some old guy who doesn't care about this newfangled web stuff, and you don't think the PC side gets the budget/time/attention you think it deserves?

    It's always hard to push management into making top level changes. And if you're trying to fight a battle with Mr. Entrenched by making an end-run around him, you've already lost -- he has had the ears of the owner for years, not you. (And in just about every case, he already sees you coming. It's not good to be seen as the usurper.) Instead of trying to work around him, try working harder with him. Look at creating the subdivisions under the existing engineering organization.

  6. Re:No good ideas - on Ask Slashdot: Tools For Teaching High School Kids How To Make Games? · · Score: 1

    That's a good suggestion if the goal is to teach them what it takes to combine artwork, levels, and puzzles into compelling gameplay.

    Of course it has a first-person shooter bias, and won't be suited to a sudoku or Tetris type of game. And a zero-tolerance school board may frown upon creating a shoot-em-up in class.

  7. Re:No good ideas - on Ask Slashdot: Tools For Teaching High School Kids How To Make Games? · · Score: 1

    Most environments offer academic licenses that range from "steeply discounted" to "free as in beer" to "free as in speech". Money shouldn't be the only factor to take into account.

  8. Re:Idiots. on US Chamber of Commerce Infiltrated By Chinese Hackers · · Score: 1

    You're making a lot of assumptions here based on very thin statements above, and I wouldn't arrive at the same conclusion. The report is only that the thermostat is communicating with a Chinese address. It doesn't say the thermostat was or wasn't behind a firewall. It doesn't say the sessions with a Chinese server originated from China. It doesn't say they hacked into the thermostat from outside. It doesn't say the thermostat is even available via external access -- IP might just be the protocol it uses natively to talk to the internal HVAC systems, or to allow an internal building operator to run the system.

    If I were hacking inside a network and trying to remain hidden, I'd look for ways to cover my tracks. nmap would let me identify my surroundings and help find a weak little system to act as a staging area or communications relay. Printers are often used for this purpose because they're surprisingly capable systems. They have hard disks that can temporarily store large volumes of data while not being noticed by everyday users, lots of patterns of ad hoc network traffic, and are often left unsecured for the convenience of the users. They're often overlooked as security risks, and are commonly left out of patching plans. Because they're expensive, they're not often replaced, and companies may have some older unpatched ones hiding under users' desks. What's important is that any IP device that can be compromised can be abused by an intruder. It's not just printers or thermostats, but could be lighting controllers, security systems, door access control systems, machine tools, video games, you-are-here kiosks, signs and advertising systems, timeclocks, network switches, photo frames, or any of a hundred stupid devices you might find on a network behind a firewall.

    Someone might have an IDP watching their high security network, and they might have it set to alarm if they see traffic talking to anything but a 10. address. If they don't look any deeper (and they often don't), they might not notice that one of those addresses is a thermostat that shouldn't be talking to it. Meanwhile, as the hacker, you hope that nobody is doing security audits on thermostats or printers, so nobody will notice that you're using them to communicate outside the organization. It's a guessing game for the hacker when their relay will be discovered, but every bit of misdirection they apply can help delay their discovery, and so lets them derive more value from the hack.

    Could they do something different to protect themselves? Of course. They could create a VLAN for their heating and cooling systems that doesn't bridge to their business network. Their thermostats could use SCADA instead of IP, because we all know how secure SCADA systems are. They could have a dozen honeypot thermostats set up as tripwires. They could have an IDP that looks for secure traffic through the simple unsecured thermostat systems, indicating someone's using them for nefarious purposes. They could monitor the traffic volume to their thermostats: after all, how much data does a thermostat really need to send and/or receive? But these aren't necessarily lessons that were taught in CISSP school.
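    The three checks the last paragraph lists (a "dumb" device class talking to anything outside the internal range, encrypted traffic from a device that should never speak it, and egress volume out of proportion to what a thermostat or printer needs) as an added Python example; this is not part of the original comment, and the asset inventory, the 10.0.0.0/8 "internal" range, the per-class port allowlists and byte budgets are all constructed assumptions.

```python
"""Toy relay-device detector for the scenario in the comment above.

Constructed flow records of the form (src_ip, dst_ip, dst_port, bytes_out)
are run through three rules: external peer, unexpected protocol, excess
volume. Inventory, ranges, ports and budgets are assumptions for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumed: everything the business owns lives in 10.0.0.0/8.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed asset inventory: which internal hosts are "dumb" devices.
INVENTORY = {
    "10.1.4.20": "thermostat",
    "10.1.4.21": "thermostat",
    "10.2.9.5": "printer",
    "10.3.0.11": "workstation",
}

# Assumed per-class egress budget (bytes) and legitimate destination ports.
# A thermostat speaking TLS on 443 is exactly the "secure traffic through an
# unsecured device" the comment says an IDP should look for.
PROFILE = {
    "thermostat": {"max_bytes": 50_000, "ports": {502}},        # Modbus/TCP, assumed
    "printer": {"max_bytes": 5_000_000, "ports": {9100, 631}},  # raw print, IPP
}

# Constructed flows; 203.0.113.7 is a TEST-NET-3 documentation address.
FLOWS = [
    ("10.1.4.20", "10.1.4.1", 502, 1_200),
    ("10.1.4.21", "10.1.4.1", 502, 1_100),
    ("10.1.4.21", "203.0.113.7", 443, 48_000_000),  # thermostat used as a relay
    ("10.2.9.5", "10.3.0.11", 9100, 300_000),
    ("10.2.9.5", "10.3.0.50", 443, 7_500_000),      # printer pushing TLS internally
    ("10.3.0.11", "198.51.100.9", 443, 2_000_000),  # workstation browsing, not tracked
]


def analyze(flows, inventory=INVENTORY, profile=PROFILE, internal=INTERNAL):
    """Return a list of (device_ip, role, reason) alerts for tracked devices.

    external  - device talked to a peer outside the internal range
    protocol  - device used a destination port its class should never use
    volume    - device's total egress exceeded its class budget
    """
    alerts = []
    egress = defaultdict(int)
    for src, dst, port, nbytes in flows:
        role = inventory.get(src)
        if role not in profile:
            continue  # workstations and unknown hosts are out of scope here
        rules = profile[role]
        egress[src] += nbytes
        if ipaddress.ip_address(dst) not in internal:
            alerts.append((src, role, f"external peer {dst}"))
        if port not in rules["ports"]:
            alerts.append((src, role, f"unexpected port {port}"))
    # Volume is judged per device over the whole window, not per flow.
    for src, total in egress.items():
        role = inventory[src]
        if total > profile[role]["max_bytes"]:
            alerts.append((src, role, f"egress {total} bytes exceeds budget"))
    return alerts


if __name__ == "__main__":
    for ip, role, reason in analyze(FLOWS):
        print(f"ALERT {role} {ip}: {reason}")
```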

  9. Re:They may be mocking the price but on Customers Gleefully Mock Best Buy's $1,095.99 HDMI · · Score: 2

    Essentially, what you're saying is buying these cables is almost equivalent to a religious sacrifice, making the purchaser feel better about themselves for the rich experiences they will surely receive as a reward, and that mocking these people is equivalent to mocking the religious for their beliefs.

    I see no downside to this.

  10. Re:Physically secure things on Ask Slashdot: Ideal High School Computer Lab? · · Score: 3, Interesting

    Make sure the computer desks have anchor points and cables. Lock the monitors with security cables using microclips in the K-slot lock point holes, and run the same cable through a microclip in the PC case to lock the cases shut and secured. There are also cable trap devices so you can route USB cables for mice and keyboards through them. If possible keep the padlock ends of the cable under the desks, where bored fingers won't have an easy opportunity to pick them.

    Locking cabinets and drawers large enough for spare equipment. Think PC cabinets, monitors, cables.

    Filtered power strips along the table / desk tops.

    School logo mousepads, of course. :-) You'll probably have to have them screwed and glued to the desktops, though. :-(

    For equipment, I'm guessing your school already has a supplier of PCs, so you'll almost certainly be getting the school district's bog standard crap PCs. Nobody can help you there. Ask for second monitors, though.

    A projector that can hook to your machine. Use tools like VLC to display the student desktops when they're presenting from their machines.

    Have VMware virtual machines available on the desktops. It lets the students do work as system administrators without putting the actual host systems at too much risk.

    The rest of the suggestions are really more ideas that depend on what you're planning to teach them. Programming? Networking? Intro to PCs 101? Build-your-own? Pen testing? Security? Digital forensics? Computer graphic arts? Administration? DBAs? Modeling? Social engineering?

    Want to do network experiments? Have a free-standing rack mount visible at the front of the room. Mount two network switches and two routers in it so you can do networking experiments. It doesn't have to be connected to the school's network. You might put a classroom server in this rack. Again, security is important, so you would at least have to cable lock it down, if not keeping it in a locking cage rack.

    For build your own or PC 101, think about asking some parents at the start of the year for old computer donations, and have the students build or rebuild a few in class. Have a toolbox handy with the standard PC tools. Again, the locking cabinets are important for holding unfinished projects and components.

    I think Microsoft is still legally obligated to feel guilty about their monopolistic practices. Consider asking them for software suites appropriate with what you'll be teaching them. Ask for classroom copies for each server of Windows Server 2008, SQL Server 2008, get a copy of Visual Studio TFS 2010, and for each desktop ask for Windows 7, Office 2010 Professional Plus, Visio 2010, Expression Blend, and Visual Studio 2010 Premium Edition.

    You might need a forensic machine for studying hard disks removed from other computers.

    Web cams? Audio recorders and microphones? A big honkin' server to run blender? Robotics kits? Bluetooth transceivers?

  11. Re:Um, no, that's a BAD idea on Researcher Claims Siemens Lied About Security Bugs · · Score: 1

    embedded operating system wouldn't have helped.. when network was never meant to be attached to public internet in the first place.

    A custom embedded OS, one they could maintain themselves, would have helped tremendously in preserving the longevity of the investment. If the controllers back then had 8MB of RAM, they simply would not have added crap to their OS patches making them require machines larger than 8MB. They had full control of the hardware (they were building it, after all.) An embedded OS could have been maintained for many decades while remaining within the 8MB constraint of their oldest systems. Windows, on the other hand, set the standard for needing ever increasing amounts of RAM on a very short cycle, which no hardware available in 1995 could currently contain.

    Building a factory is a giant company-risking investment. It's an all-in bet with the expectation of many years of future sales paying off the mortgage. As such, many of the systems they're built with don't change over a long period of time. I know of a machine shop that is still running equipment originally built to make parts for the second world war. Over the last 15 years the owner has slowly been converting the cam driven equipment to CNC control, but that's a very expensive investment for a small business. When you're creating a system that you know could last 60 years, making a choice of OS that has had no example of support lasting more than a decade is irresponsible. Companies like Siemens are why Microsoft has offered extended XP support all the way until 2014, but that's little consolation to anyone who expects their Siemens equipment to last until 2050.

  12. Re:Um, no, that's a BAD idea on Researcher Claims Siemens Lied About Security Bugs · · Score: 1

    I saw HMIs back in the early 1980s that were built on dumb terminals, with colored line drawings on a 25x80 screen, and the menu represented by a series of function keys listed across the bottom of the screen. There's even an ancient serial terminal in the North Star Building's elevator lobby in Minneapolis that still displays a curses-drawn picture of the elevator system operating. These screens are certainly adequate to graphically represent the systems they are controlling in a very understandable manner, and if you follow the links in TFA and take a look at those screenshot pictures the guy grabbed, those drawings that South Houston uses were not vastly improved by the addition of clip art pumps. Windows(TM) was not responsible for carrying lots of meaning to the operators.

    I completely understand the desire for systems that are easy to access, that integrate better with the business, and the desire to maximize profits by selling cheap, off the shelf solutions. But even back when they were switching to Windows NT in the mid '90s, security was a prominent issue. Viruses were widespread. Engineers were appalled that people were going to use Windows in various real-world system controllers. And Microsoft had long established the practice of periodic upgrade paths, requiring newer and bigger hardware to keep up. Every one of these problems was well known and understood to present a real risk, yet they did it anyway.

    Even picking a different commercial graphical OS would have helped somewhat. Heterogeneous systems have an inherent resistance to accidental security problems, and provide a good buffer against stupid malware problems like Windows viruses. Of course, we know heterogeneity did not save Iran from Stuxnet. Stuxnet's Windows payload knew how to cross the boundary and attack their SCADA network, too. But the non-physical attack surfaces of the SCADA controller could have been realistically reduced to almost zero on a proprietary OS. The Windows XP controller they ran was Swiss cheese, and was penetrated by 4 different zero day exploits, including both network and USB vectors. Had that system been running QNX, for example, and loading new configurations via ancient bubble memory cartridges or paper tape (or even a simple serial cable), Iran would probably still have their enrichment plant up and running at full capacity.

    Siemens could probably even keep their current sketchy Windows systems as the controlling systems, if they were to be just a tiny bit smarter and place a firmware-based firewall in front of any system updates. A tiny microprocessor program running on an embedded platform could operate the USB port they upload new programs into, then transmit those programs onto the controller via serial cable. One very simple, fully verifiable service could listen on that serial port, and fully validate every byte of input before allowing any of it to be stored. While this wouldn't stop malicious machine code being delivered, it would prevent the real time hijacking of the controller itself.

  13. Wrong story on The Fjord-Cooled Data Center · · Score: 2

    I came here looking for a chevy-powered cooling system.

  14. Re:Aether? on Book Review: Defense Against the Black Arts · · Score: 1

    Knock, knock.
    Who's there?
    Aether.
    Aether who?
    Aether Bunny.

  15. Re:Lose the remote... on Researcher Claims Siemens Lied About Security Bugs · · Score: 4, Insightful

    I don't know about your community, but mine complains incessantly about taxes. If we had to have full-time SCADA engineers guaranteeing on site support 24x7, we'd have to pay more for water, sewer, gas, electricity, street lights, traffic control signals, and all those other industrial controllers that are hidden under little green boxes on the side of the roads.

    And I live in a large, wealthy city that could afford such amenities. I'm picturing the poor bastards in Bumfuck, Idaho*, population 174, located three hours from the nearest grass-strip airport. Who exactly is going to monitor their town water pump and filtration plant? Are you and every other taxpayer going to agree to pony up an extra $500/year to have a SCADA engineer sitting in the town bar all day and night, just waiting for your pump to croak? Or are you going to contract with REMOTE-SCADA-R-US.com to remotely monitor and maintain your plant, and possibly fix issues in minutes instead of days?

    I'm not saying that they should just plug it into the internet and walk off. But disconnected isn't even an option for a lot of installations.

    *My apologies to any fatherless indigents living in or near Bumfuck, Idaho. I'm sure you're all very nice people.

  16. Re:Um, no, that's a BAD idea on Researcher Claims Siemens Lied About Security Bugs · · Score: 1

    The problem is not necessarily with Siemens.

    The problem lies squarely with Siemens. They made the choice to build systems with expected design lifetimes of more than 20 years on top of platforms that have a known support lifetime of less than that.

    Their needs for OS services are not great. They could have developed their own operating system. They could have bought a small embedded operating system that they would then support in-house. They could have licensed an open source OS such as FreeBSD. They don't need a GUI. They don't need audio support. They don't need to support eSATA drives or Bluetooth or mice or USB or nVidia or any of the thousands of drivers that Windows ships with by default.

    Everything about these systems needing to be super-long-term stable has been known in this industry since the early 1980s. Their engineers have understood these principles for as long as SCADA has existed. They knew better than to pick a flavor-of-the-month consumer OS. And they still did it. I don't care if it was a manager who thought "Microsoft Windows programmers are a dime a dozen so we can do this on the cheap," or if the CEO was photographed in bed with a Microsoft swallow, they were responsible for the choice.

    Siemens knowingly chose to build their entire SCADA empire on top of an insecure platform. And that is entirely their fault.

  17. William Gibson on Ask Slashdot: What Do You Like To Read? · · Score: 2

    The Sprawl trilogy is "classic cyberpunk", and if you haven't read it yet, it is dated but still fun.
    The Bridge trilogy kind of carries the Sprawl a bit farther forward, but I found the "spirituality" aspects less interesting than the first trilogy. YMMV.
    The Blue Ant trilogy has almost nothing to do with cyberpunk or his other books, and is set about 10 minutes in the future (or 30 minutes in the past, depending on what kinds of toys you play with.) I really enjoyed it.

    While he's often cited as a visionary writer, the thing I like best about Gibson is his writing by analogy style. He spares words by making an association of a setting, activity, or thing with a concept I'm already familiar with, but doesn't go into great detail. Future references around that thing will bring it up only obliquely with a simple associated word, and I find it enjoyable making these connections. Kind of an English Lit version of "Darmok and Jalad at Tenagra", or "Picard and Dathon at El-Adrel" or "All nerds watched Star Trek TNG."

  18. Re:How should a computer behave? on Software Bug Caused Qantas Airbus A330 To Nose-Dive · · Score: 1

    The number of crashes in 1972: 3000+.... 2010: 1000+. Do you think the amount of technology has increased or decreased since 1972? How about the number of flights? The fact is computers have made flying safer, and any pilot will tell you that.

    There are plenty of irrational people who DO NOT believe those arguments. For example, try engaging in a Slashdot discussion of the advancements in car technology that make driving safer: blind spot detectors, radar assisted cruise control, collision warning alarms, traction control, ABS, etc., and they will turn like a pack of stupid dogs chasing a car. The argument quickly becomes a giant defensive "I'm a better driver than all those things! I'm safer if I do all these things manually! I'm much more aware of my surroundings than a sensor! You suck because you don't know how to drive so you let your car do it! I would never drive like X!" They aren't interested in statistics. They aren't interested in facts. They believe themselves to be God's own chosen chauffeur, and any suggestion that a computer system would make anyone a safer driver is bullshit.

    It's frightening, really, to see that level of arrogance when so many people obviously drive like crap. To think that a blind spot detector will somehow make someone a worse driver is utterly batshit crazy, yet these idiots will scream down all opposition to their crazy rants. So look at all the people in this thread going off about how the fly-by-wire systems will kill passengers even though the pilots are clearly more often the cause, and no, I don't think every pilot will agree with you on that fact.

  19. Re:10 ways - all local on Ask Slashdot: Most Efficient, Worthwhile Charity? · · Score: 1

    Barbie didn't say "GIVE to the church" or "GIVE to the politicians", she said "ASK at the church or ASK local politicians". These are people who see others in need, and would have advice for finding local deserving families or neighborhoods.

  20. Re:Not always that easy on Firefox Too Big To Link On 32-bit Windows · · Score: 2

    You want scary? At the $CLINIC we use, they run Windows NT 4.0 on their ultrasonic diagnostic equipment, because the system was certified only with that OS at whatever the patch level was when they tested it. While that may seem innocuous, the damn thing is on the freakin' network, because the doctors want to email images to their patients!

    I sure don't want me or my family to be the ones to have to file the lawsuit when a "zombie" actually causes someone to die from a faulty diagnosis, or because some machinery failed due to a DDoS attack originating on their network.

  21. Re:Time to move on, perhaps? on Firefox Too Big To Link On 32-bit Windows · · Score: 1

    Dang, you're absolutely right. It's still a 32 bit toolchain that's emitting 64 bit binaries.

    So the thing I got wrong above should have been:
    When Visual Studio 2010 (regardless of platform) compiles & links a 32-bit app, the binaries are compatible only with XP SP2 or later.
    Correct?

  22. Re:Time to move on, perhaps? on Firefox Too Big To Link On 32-bit Windows · · Score: 5, Informative

    No, you missed a fact.
    Visual Studio 2005 is a 32-bit app on any Windows platform.
    Visual Studio 2010 is a 32-bit app when running on a 32-bit platform.
    Mozilla builds on 32-bit platforms can no longer support the PGO linker.

    Visual Studio 2010 is a 64-bit app on a 64-bit platform.
    Mozilla builds on 64-bit platforms can PGO link just fine.
    When Visual Studio 64-bit compiles a 32-bit app, that app can run only on XP SP2 or later.
    Mozilla has millions of users on pre-XP SP2 platforms.

    So Mozilla has a choice: change nothing but stop PGO linking the 32-bit versions (sub-optimum for 32-bit users), go forward on a 64-bit only path and disenfranchise the old users from getting any new functions, abandon them completely (which is irresponsible in terms of security), cut back on new features for all, or take an axe to the existing code. Only one is an easy choice.

  23. Re:Wow on Firefox Too Big To Link On 32-bit Windows · · Score: 5, Insightful

    No, it has nothing to do with running Firefox. It has everything to do with running Visual Studio's linker.

    This matters only to Firefox developers.

    Not that they shouldn't care, mind you, as that is some seriously monolithic code. But it won't make any difference to Joe Sixpack.

  24. Re:They probed some files on Sony, Universal and Fox Caught Pirating Through BitTorrent · · Score: 2

    Those majors could have asked some of their employees to test whether some of their own movies were being pirated, acting like pirates for a few moments...

    Yep. Fox was making sure that Sony movies were being pirated, by downloading them.

    No doubt they were trying to help Sony's legal case by making their downloading problem look even worse.

  25. Re:It's been a common theory for some time... on Sony, Universal and Fox Caught Pirating Through BitTorrent · · Score: 1

    Not really... As the rights holder they can distribute it for free to as many people as they want. They can also say that those people do NOT have the right to distribute it to others. It's not the fault of the PR arm if the people they give a work to proceed to do something illegal with it.

    I *so* want to be on the jury of a trial testing that bit of legal theory.