That the US constitution is a great boon to the country, yet at the same time being a huge albatross around its neck. FFS suing someone because they expressed an opinion in an arena where they may/may not be allowed to have an opinion, instead of growing a pair, sucking it up and realizing that not everyone agrees with you. And yes I am aware of the protections that the constitution grants, but in this case a lawsuit seems overkill.
No. It is, however, extremely odd, considering that Reuters lists only the dollar and yuan amount. I'm extremely confused why pounds sterling entered into it. Perhaps the submitter has an axe to grind about /. being an American website?
Yes it looks like the submitter changed the currency, but wild speculation about why is still wild speculation - and you seem to be touchy about it.
Strange, I was under the impression that there was a constitutional right to prevent such things.. You know, the 5th amendment, which clearly says ...
Yeah .. a pity about that. The Real Story of Eminent Domain in Virginia (PDF)
My property borders a common area of our subdivision that was set aside as an access right of way for things like power and phone cables. But do you think the companies actually use it? Nope .. all the cables actually run on my property along the edge of the right-of-way and then take a sharp turn to cut off a corner. I'm used to having my backyard spray painted all the time with orange paint marking cables.
All these comments and no-one has mentioned the war, or German accented cars issuing commands!
> was it going to be a Sci-Fi film, or an action film?
As long as it's not a Syfy film!
I'm surprised the Sy Fi channel hasn't come out with "Rise: The planet of the Apes" (with the addition of a colon) in the same way that there was "Battle:Los Angeles" and "Battle Of Los Angeles". Or will we get Mega-Piranha/Shark/Gator/Crocodile/Octopus vs Dino-Ape/Monkey?
NPR played a great interview with Andy Serkis last week. He has no trouble with being "typecast", but after hearing that interview I definitely will chase up Sex & Drugs & Rock & Roll. Serkis sounded so much like Ian Dury.
And off topic some more, we already know about trying to raise a monkey as a human baby
I found the new crew uniform!
How come I'm the only crew member with a red shirt???
Build your exhibit with a dungeon/prison theme to hide the faraday cage that isolates you from the rest of the auditorium. Add lots of dry ice and flashing lights and not only will you have a working exhibit, it will look cool as well.
For once Comcast does good as my local ISP. All it does is hijack the page if the DNS doesn't resolve and then puts up its own results of what it thinks the domain should be.
Sending 3 heroes of the western world on a suicide mission where their last moments will be like in Toy Story 3 with the figures silently considering their fate as they slowly approach the fiery furnace. Except that this time there is no hope of escape.
I was at a talk last year about how to solve this issue. The proposed solution was to take the decision to use/not use power out of the hands of the consumer by having smart appliances that could be regulated from an outside source. Basically you would nominate "desires" and the "system" would attempt to optimize power usage to meet those desires over the entire local neighborhood (IE delay running the dryer now to put a quick charge in the car so you can go out to dinner, as dinner is more important to you now than the dried clothes are). This was being proposed in order to smooth out the demand peaks that are being expected when everyone in the street had electric cars and wanted to charge them all up at once, and how this affects the local power infrastructure. The talk presented some interesting data that showed that with minor tweaking you can readily smooth out major peaks.
The question I raised was basically "Yep the technology works, but how are you going to change the mindset of people away from ME ME ME to US US US?".
...from SIEMENS^D^D^D^D^D^D^D GE^D^D Invensys^D^D^D^D^D^D^D^D GE^D^D Bailey^D^D^D^D^D^D Toshiba^D^D^D^D^D^D^D GE^D^D [*] and several other firms that will remain un-named for now that very likely the process used to design/spec/create/test the firmware resembled software engineering in no fashion whatsoever.
[*] I've worked with multiple GE divisions.
... but it looks like the article has just posted a how-to guide for how to pwn every utility in the USA, up to and including the port numbers to exploit and the password to use, before this vulnerability is patched. Does anybody else have a problem with this?
Well not every company in the world runs S7 PLCs, so you would have to have a grab bag of vulnerabilities for each of the major PLC vendors. Of course I don't doubt that they all can be exploited in some way or another as they are all basically designed with the same mindset. Then again I did deal with a system last year that used a serial connection - so that was totally unexploitable!
Can we please get over the usual comments of "Why are these even connected to the Internet??!?!?!?"
As TFA points out, even air gapping the control and business networks doesn't always work. And in every plant I have worked in (except one*) over the last XXX number of years, I have been freely allowed to load up any file I wanted (using my own USB flash drive) into the control network. I believe my equipment is free of viruses, but with the sophistication of Stuxnet, who can tell what the next generation of industrial sabotage tools will be like and if/how they can be detected by current technology. So I can only assume that I have not caused any issues for my clients.
[*] The exception was a plant where there was some controls software running on a VM that was on a server under control of the IT department. The only way *I* could get files onto that box was to upload them to a public directory and let the corporate system check them and drop them off on the other side of the firewall. Unless of course I handed my USB key to the client and said "Can you directly drop these files on the server for me???"
Next up, Wolverine's special two-part Bar Mitzvah issue! L'chaim!
If you think that will be fun, you should have seen the Bris edition!
I give up; how did they counter his mutant healing factor?
Well played .. I didn't even think about that aspect. I was more thinking about him performing the act.
OK .. seriously RTFL .. it says explicitly right there under what circumstances you can use the code. Did you read it? Did you attempt to contact the Author? Do you need your nose wiped by the /. crowd as well?
Can you hear me ??
No .. no .. you're breaking up
Yeah that's better .. no .. move back where you were
Sorry what was that?
Hello .. hello .. you still there???
I found it interesting that the article states that there is "almost no chance of losing" if you buy enough tickets, but that's not a 100% guarantee. It will just be a matter of time before someone plays the odds and that unlikely event of losing money happens.
Yeah .. but then you employ my patented scheme .. the next time you bet *double* the amount .. so you make up for the losses! Play that way and you can't lose!!!!
The other day I was in Best Buy and saw a XOOM out for display. So I started up the web browser and navigated to the same test page I always use (http://www.theage.com.au) to see how well it compared to the iPad. Well I didn't get to see much, as not only did that test crash the browser, it crashed the XOOM itself. All I got was a message that basically said "Sorry .. we're crashing the device here. Thanks for playing". I have never seen that sort of behaviour before, so based on that 1 point data sample I was not impressed with the XOOM (not that I am in the market for a tablet anyway).
Having said that I really do hope that the EEs who know the system best (IE the ones who actually keep the grid running) have removed line of sight from the most vulnerable junctions.
A simple question for you to consider: How do you hide transmission lines from line-of-sight?
While I don't disagree that PLCs are way overpriced, $100,000 sounds a bit too high for a PLC even if it's a safety PLC with redundancy.
I was surprised at the cost as well. This was the latest bleeding edge (less than 6 months old) AB system, 2 racks, 2 CPUs per rack, 2 Ethernet cards and 2 Fibre cards and a couple of other cards. So you are down in the $10K+ per card on average - which is not that unreasonable. So your cards are not that far off. I used to think that GE stuff was pricey too - until I did some jobs with Toshiba PLCs.
I'm more worried about DNP3 substations than prisons since power companies tend to have a unified system and spread out over long distances though they know that.
I've said it on many occasions that a single person with a 4wd vehicle, and a high powered rifle with a scope could do more damage to the power system in a short time and do it more easily than anyone with a keyboard and a computer.
You could run all of your PLCs through a router so you could have all your PLCs programmable from a remote location. We've never done that, but then again we also don't have a prison population and access controls to deal with.
I've done things like this and it works well. Had multiple remote sites connected to the home base via a VPN over the Internet. Not that I recommend programming from a remote location, but being able to ensure you have central backups, and do a centralized version control is a boon. The alternative was to have contract cowboys in each region with their own private copy of what they think the PLC program should be. So now the contractor arrives at site, checks out the PLC code from the central repository, modifies the PLC and then checks the code back in.