I mean, there's a security flaw in the Siemens S7. Now let's all take a wild guess what the Chinese copied.
I'd say that there are flaws in just about every major PLC (Allen-Bradley, Modicon, GE, and so on, to name a few) . Most are just legacy serial protocols that have been wrapped in Ethernet, so these controllers accept arbitrary packets from any source. With protocols like MODBUS, it is fairly easy to construct such packets by hand even.
I'm not aware of any that do? Off the top of my head I can think of CIP, Modbus, Ethernet/IP, Profibus, ProfiNET, DeviceNet, and CANOpen and none of these have any authentication. At best, some of these like CIP have security through obscurity, but others like Modbus are completely known specifications.
I concur. Airports are the same way, and still this way. Many are running standard PLCs like Allen-Bradley or Modicon. They are connected directly to a modem line with no authentication. So grab yourself a copy of RSLogix or Unity Pro, dial into these places, and have fun modifying the ladder logic and wreak havoc on the airport as all bags get re-routed to who knows where. I've seen the same issues with power plants and water treatment facilities.
The only upside is that the modem line isn't hooked up all the time these days. It's usually just when they need someone to dial in, and then a worker at the facility will go and hook up the line.
In May, I'll have completed my Master's degree entirely online through NC State's Engineering Online program. Since most people have already mentioned the negative aspects of online classes, I'll mention some of the positives.
First, it's incredibly nice to be able to rewind, pause, and replay portions of a lecture. It's also very useful to be able to play older lectures. And, it's nice to be able to watch lectures when it is convenient for you, especially if you are working full-time.
The lack of direct communication during class is easily mitigated by having an online, voice enabled office hours system. Most people don't show up for a professors' office hours, period.
Certainly, I don't think online courses can be applied to all classes, but from my undergraduate experience, many of my science/engineering courses were simply large auditorium lecture halls with little to no interaction anyway. So there goes class participation.
Some people might mention the lack of personal networking. Quite the opposite, I've met more full-time employees at other companies who are also in a distance program than I ever did in my undergrad, where I was mostly networking with other jobless, inexperienced students. If anything, I've observed that the distance students, being full time, tend to have higher averages as a whole than the 'live' classroom sections, mainly because most of us have years of practical experience in the field under our belts.
So, all in all, do classroom learning if you can, but for many classes, you won't really get any benefit.
It's one thing to tell someone that they're no longer welcome to order anymore, but it's quite another to retroactively disable anything that they've previously purchased. That's the distinction.
Many people abuse the flexible Costco return policy. Some of these people get their memberships revoked. At no time does Costco come in and say that they can no longer use items they've already bought.
Most plants are running on PLCs, but their user interfaces HMI are pretty much all running some form of Windows. Common ones include Proficy iFIX (by GE), RSView (Rockwell), and WonderWare InTouch (Wonderware) on either Windows XP, Windows 2000/2003 or some form of Windows Embedded.
It is actually incredibly difficult to find mature HMI software that is available for Linux.
I tend to buy computer books, especially those on programming languages, in PDF simply because they tend to get outdated fairly quickly. Disk space is cheap, but shelf space is not.
I have never, ever in my entire life had a bank, mortgage, or a credit card company call me to apologize or fix their error when they have either double-charged me or misapplied a payment. When this occurs, I end up discovering it ON MY OWN by examining my own bank statement and then calling the bank and talking with random people for several hours to correct the situation.
So, tell me, why should I extend the bank the same courtesy when it's in my favor?
The point is not to search the files themselves, but the contents in those files. I have thousands of electronic manuals on different values, pumps, and motors here on my hard drive in PDF format. It is nice to be able to type into a local search, say, 'Versa valve', and get all references to it throughout my technical documents.
For all those of you bashing Gates and claiming he's a buffoon simply because he doesn't use e-mail -- you do realize that Knuth doesn't either, right?
It seems to be that when any company begins using patent litigation as a means to generate revenue, that company enters a steady downfall. Companies that use patents defensively succeed because they are actually innovating; companies that must rely on patents for income are simply milking what they have with no real plans for long-term future income.
It seems more and more that I am seeing the latter in Microsoft, rather than the former. This has always been true to a certain extent, but lately I'm seeing that very little is actually coming out of Microsoft itself -- most everything recently is a complete acquisition or partly an acquisition of another company's IP.
Well...a couple hundred bucks for most home users is a lot just to do word processing, spreadsheets, etc. Compare that to OpenOffice, which is free. That is a huge savings.
I think the important thing to remember is that a large number of these installations are pirated from work or another source for home use. Now that Microsoft Office has introduced GenuineAdvantage in its latest offering, expect that people will start to take a more serious look at OpenOffice and other alternatives.
Unlike most people here, I actually don't dislike Vista. However, there are a few circumstances due to timing of other vendors that prevent me from using it. For example:
My A8N-SLI Deluxe has no official NVIDIA nForce4 support. The drivers for it are currently in beta. Similarly, I have not quite managed to find a good driver for onboard RAID. I expect to have driver and hardware compatibility issues in Linux, but not in Windows, especially from major players like NVIDIA.
A lot of software isn't officially supported with Vista. This includes AutoCAD 2007 and Macromedia Dreamweaver. You can get these software packages to work with some hacks, but again, not officially supported. Similarly, programs like UltraVNC have problems because of the new security features.
I have a lot of older 400 Mhz Dell machines. These boxes (after upgrading the RAM) are ideal for Windows XP and lightweight office productivity, but Vista won't even install on these boxes.
There are way too many editions of Vista, and I imagine that even people on Slashdot can't name what the differences are between all of them without looking at the comparison sheet. This makes people hesistent to buy because they aren't sure which version they will need.
Vista has a pretty new theme, but I haven't noticed any real differences in Vista yet other than some flashy graphics, and re-arranging of menus. It's a good system if it comes with your new machine, but there really aren't any great features to make one want to upgrade to Windows XP.
The problem is that something like "Toys R' Us" is localized. You can establish decency laws for that county, district, or state. But how do you enforce decency laws in an environment that is heterogenous (ie: global). The same standards for "adult" content in India are not the same as the "adult" content standards in the US.
I'd to love to use this if I were a human resources or hiring manager. Hey, we can't ask directly whether or not the potential candidate has a medical condition, but thanks to this chip, we can silenty dismiss these canditates cheaply and effectively without any legal ramifications. Just stick the RFID scanning device under the table during the interview and you're good to go! Thank you government!
A lot of people have mentioned Cisco, but I'm not sure how many of them have actually worked in chemical plants. For industrial plants, you want your switches with all your other 'sensitive' equipment -- in the PLC enclosure or the remote station. You can purchase these enclosures at different NEMA ratings for your industrial application. For switches, we use Phoenix Contact, which are DIN rail devices that go in the PLC panel.
Industrial control is a whole different ballpark. What works for business offices doesn't work in factories.
I'm okay with all of this wiretapping on one condition -- every politician is subject to wiretapping 24 hours a day, 7 days a week. If they expect us to give up our privacy rights, I expect our politicians to give up the same -- and slightly more, since by accepting the role of a public figure they accept a certain responsibility for both their public and private actions.
On top of this, when obtaining a valid warrant, a private citizen has the right to obtain, inspect, and dissemenate all of these conversations. And on top of this, government entities (FBI, CIA, auditing firms) have the right to these conversations at any time without a warrant, and may, at their discretion release any of this information to the public.
Without getting completely off-topic and non-sensical, yes, you pay to have the University take many of your rights away in order to ensure that the education that you receive and that certification after your four years is legitimate.
Many professors don't allow for the use of calculators or computer software (MATLAB, Mathcad) when doing homework. Do you consider that to be taking your rights away? When you get your Fundamentals of Engineering exam at the end of your four year education, you are not to discuss your exam questions after the test as part of the agreement to take the exam. Does this take your rights away? Perhaps you should argue that your exam solutions are your intellectual property in this case also!
Cheating is rampant at the University level. I earned my degree honestly and it irks me somewhat that are many who graduate with me who did not. What does that do the value of your degree?
Universities should take measures to prevent adademic misconduct as much as possible. These papers are not your creative work, per se. These papers are assignments designed for you to complete by the University as a benchmark to evaluate you as a student. You are otherwise perfectly free to write your own works and publish them, with full copyright intact, for your own creative works.
In my opinion, making statements like yours is quite short-sighted and ignores the greater picture.
At my University, it was made pretty clear in several courses that homework assignments and other submitted course materials were property of the University. You can, of course, choose to keep your 'intellectual property', but then, good luck passing the course!
One of the reasons I don't development games is not because of my lack in programming skills, but my lack in graphics design talent and music composition. What are some resources for open source sprites and open source music?
I think that this would allow the open source community to come up with some really innovate 2D games, as a lot of other folks like myself don't really care about fancy 3D graphics and such. Tetris, NetHack, and others are not fun to play because they have flashy graphics, but because they have good, solid gameplay. Heck, many people today continue to play older, 8-bit and 16-bit games through NES and SNES emulators.
Personally, I would love to see a new game done using something like the isometric Fallout engine, or side-scrolling games like Duke Nukem, with fluid pixel-based animation (think Prince of Persia).
A lot of companies pay for you to take your certifications, and often you are required to take one of two a year. This is how I ended up obtaining my Sun certification, though I don't even program in Java anymore. If you ever attend any free Microsoft event, you'll also find that in your goodies bag there is a free certificate voucher for any MS exam.
It would be silly to not take a certification if it's being paid for by your employer, or if it's free of charge for you to take. A certification may not necessarily help career-wise, but I've found it invaluable for obtaining a refresher on a particular subject applicable to my work. It also forces me into 'academic' mode, by forcing me to actually read books and study just as I would for a college exam. It also gives you a goal to work toward, whereas otherwise you might just come home and vegitate on the TV.
As to their effectiveness in getting a a job, I wouldn't really know. I've never ever been able to get any job thus far without doing some sort of personal networking. Monster.com et. al has never worked for me. From a hiring perspective, it seems like resume matters less, and a personal recommendation from someone in the company will get you in the door, regardless of the number of buzzwords in your applictaion.
Part of this is may be because I work in Engineering, and for whatever reason, it is much harder to apply a set of consistent buzzwords to the Engineering discipline.
Slashdot Mirror
I mean, there's a security flaw in the Siemens S7. Now let's all take a wild guess what the Chinese copied.
I'd say that there are flaws in just about every major PLC (Allen-Bradley, Modicon, GE, and so on, to name a few) . Most are just legacy serial protocols that have been wrapped in Ethernet, so these controllers accept arbitrary packets from any source. With protocols like MODBUS, it is fairly easy to construct such packets by hand even.
I'm not aware of any that do? Off the top of my head I can think of CIP, Modbus, Ethernet/IP, Profibus, ProfiNET, DeviceNet, and CANOpen and none of these have any authentication. At best, some of these like CIP have security through obscurity, but others like Modbus are completely known specifications.
I concur. Airports are the same way, and still this way. Many are running standard PLCs like Allen-Bradley or Modicon. They are connected directly to a modem line with no authentication. So grab yourself a copy of RSLogix or Unity Pro, dial into these places, and have fun modifying the ladder logic and wreak havoc on the airport as all bags get re-routed to who knows where. I've seen the same issues with power plants and water treatment facilities.
The only upside is that the modem line isn't hooked up all the time these days. It's usually just when they need someone to dial in, and then a worker at the facility will go and hook up the line.
In May, I'll have completed my Master's degree entirely online through NC State's Engineering Online program. Since most people have already mentioned the negative aspects of online classes, I'll mention some of the positives.
First, it's incredibly nice to be able to rewind, pause, and replay portions of a lecture. It's also very useful to be able to play older lectures. And, it's nice to be able to watch lectures when it is convenient for you, especially if you are working full-time.
The lack of direct communication during class is easily mitigated by having an online, voice enabled office hours system. Most people don't show up for a professors' office hours, period.
Certainly, I don't think online courses can be applied to all classes, but from my undergraduate experience, many of my science/engineering courses were simply large auditorium lecture halls with little to no interaction anyway. So there goes class participation.
Some people might mention the lack of personal networking. Quite the opposite, I've met more full-time employees at other companies who are also in a distance program than I ever did in my undergrad, where I was mostly networking with other jobless, inexperienced students. If anything, I've observed that the distance students, being full time, tend to have higher averages as a whole than the 'live' classroom sections, mainly because most of us have years of practical experience in the field under our belts.
So, all in all, do classroom learning if you can, but for many classes, you won't really get any benefit.
It's one thing to tell someone that they're no longer welcome to order anymore, but it's quite another to retroactively disable anything that they've previously purchased. That's the distinction.
Many people abuse the flexible Costco return policy. Some of these people get their memberships revoked. At no time does Costco come in and say that they can no longer use items they've already bought.
Most plants are running on PLCs, but their user interfaces HMI are pretty much all running some form of Windows. Common ones include Proficy iFIX (by GE), RSView (Rockwell), and WonderWare InTouch (Wonderware) on either Windows XP, Windows 2000/2003 or some form of Windows Embedded.
It is actually incredibly difficult to find mature HMI software that is available for Linux.
I tend to buy computer books, especially those on programming languages, in PDF simply because they tend to get outdated fairly quickly. Disk space is cheap, but shelf space is not.
I have never, ever in my entire life had a bank, mortgage, or a credit card company call me to apologize or fix their error when they have either double-charged me or misapplied a payment. When this occurs, I end up discovering it ON MY OWN by examining my own bank statement and then calling the bank and talking with random people for several hours to correct the situation.
So, tell me, why should I extend the bank the same courtesy when it's in my favor?
The point is not to search the files themselves, but the contents in those files. I have thousands of electronic manuals on different values, pumps, and motors here on my hard drive in PDF format. It is nice to be able to type into a local search, say, 'Versa valve', and get all references to it throughout my technical documents.
For all those of you bashing Gates and claiming he's a buffoon simply because he doesn't use e-mail -- you do realize that Knuth doesn't either, right?
It seems to be that when any company begins using patent litigation as a means to generate revenue, that company enters a steady downfall. Companies that use patents defensively succeed because they are actually innovating; companies that must rely on patents for income are simply milking what they have with no real plans for long-term future income.
It seems more and more that I am seeing the latter in Microsoft, rather than the former. This has always been true to a certain extent, but lately I'm seeing that very little is actually coming out of Microsoft itself -- most everything recently is a complete acquisition or partly an acquisition of another company's IP.
I think the important thing to remember is that a large number of these installations are pirated from work or another source for home use. Now that Microsoft Office has introduced GenuineAdvantage in its latest offering, expect that people will start to take a more serious look at OpenOffice and other alternatives.
The nForce4 drivers are not as they do not come with audio support.
The problem is that something like "Toys R' Us" is localized. You can establish decency laws for that county, district, or state. But how do you enforce decency laws in an environment that is heterogenous (ie: global). The same standards for "adult" content in India are not the same as the "adult" content standards in the US.
I'd to love to use this if I were a human resources or hiring manager. Hey, we can't ask directly whether or not the potential candidate has a medical condition, but thanks to this chip, we can silenty dismiss these canditates cheaply and effectively without any legal ramifications. Just stick the RFID scanning device under the table during the interview and you're good to go! Thank you government!
A lot of people have mentioned Cisco, but I'm not sure how many of them have actually worked in chemical plants. For industrial plants, you want your switches with all your other 'sensitive' equipment -- in the PLC enclosure or the remote station. You can purchase these enclosures at different NEMA ratings for your industrial application. For switches, we use Phoenix Contact, which are DIN rail devices that go in the PLC panel.
Industrial control is a whole different ballpark. What works for business offices doesn't work in factories.
How does one go about contacting Judge Charles Kocoras? I did an admittedly quick Internet search and couldn't find an e-mail address.
I'm okay with all of this wiretapping on one condition -- every politician is subject to wiretapping 24 hours a day, 7 days a week. If they expect us to give up our privacy rights, I expect our politicians to give up the same -- and slightly more, since by accepting the role of a public figure they accept a certain responsibility for both their public and private actions.
On top of this, when obtaining a valid warrant, a private citizen has the right to obtain, inspect, and dissemenate all of these conversations. And on top of this, government entities (FBI, CIA, auditing firms) have the right to these conversations at any time without a warrant, and may, at their discretion release any of this information to the public.
It goes both way. Have a nice day.
Without getting completely off-topic and non-sensical, yes, you pay to have the University take many of your rights away in order to ensure that the education that you receive and that certification after your four years is legitimate.
Many professors don't allow for the use of calculators or computer software (MATLAB, Mathcad) when doing homework. Do you consider that to be taking your rights away? When you get your Fundamentals of Engineering exam at the end of your four year education, you are not to discuss your exam questions after the test as part of the agreement to take the exam. Does this take your rights away? Perhaps you should argue that your exam solutions are your intellectual property in this case also!
Cheating is rampant at the University level. I earned my degree honestly and it irks me somewhat that are many who graduate with me who did not. What does that do the value of your degree?
Universities should take measures to prevent adademic misconduct as much as possible. These papers are not your creative work, per se. These papers are assignments designed for you to complete by the University as a benchmark to evaluate you as a student. You are otherwise perfectly free to write your own works and publish them, with full copyright intact, for your own creative works.
In my opinion, making statements like yours is quite short-sighted and ignores the greater picture.
At my University, it was made pretty clear in several courses that homework assignments and other submitted course materials were property of the University. You can, of course, choose to keep your 'intellectual property', but then, good luck passing the course!
Well, it looks like the torrent is still available through MiniNova: http://www.mininova.org/tor/388815
The Pirate Bay link is broken and the feed is no longer available from the site.
One of the reasons I don't development games is not because of my lack in programming skills, but my lack in graphics design talent and music composition. What are some resources for open source sprites and open source music?
I think that this would allow the open source community to come up with some really innovate 2D games, as a lot of other folks like myself don't really care about fancy 3D graphics and such. Tetris, NetHack, and others are not fun to play because they have flashy graphics, but because they have good, solid gameplay. Heck, many people today continue to play older, 8-bit and 16-bit games through NES and SNES emulators.
Personally, I would love to see a new game done using something like the isometric Fallout engine, or side-scrolling games like Duke Nukem, with fluid pixel-based animation (think Prince of Persia).
A lot of companies pay for you to take your certifications, and often you are required to take one of two a year. This is how I ended up obtaining my Sun certification, though I don't even program in Java anymore. If you ever attend any free Microsoft event, you'll also find that in your goodies bag there is a free certificate voucher for any MS exam.
It would be silly to not take a certification if it's being paid for by your employer, or if it's free of charge for you to take. A certification may not necessarily help career-wise, but I've found it invaluable for obtaining a refresher on a particular subject applicable to my work. It also forces me into 'academic' mode, by forcing me to actually read books and study just as I would for a college exam. It also gives you a goal to work toward, whereas otherwise you might just come home and vegitate on the TV.
As to their effectiveness in getting a a job, I wouldn't really know. I've never ever been able to get any job thus far without doing some sort of personal networking. Monster.com et. al has never worked for me. From a hiring perspective, it seems like resume matters less, and a personal recommendation from someone in the company will get you in the door, regardless of the number of buzzwords in your applictaion.
Part of this is may be because I work in Engineering, and for whatever reason, it is much harder to apply a set of consistent buzzwords to the Engineering discipline.