If an errant signal is sent, it could move the tool, start spinning the lathe or a host of other uncontrolled things unexpectedly . . . The unexpectedly part is the problem. If you expect something to not have power then all the sudden is does, you do not know you cannot treat it as if there is no power. If your tools are functioning properly, you know the state of the machines. It is not unsafe at all.
Working on live machinery is whole different kettle of fish and you acknowledge that there can be potential issues. As you are aware of the potential failure modes then you should have had safety protocols in place to cancel out or mitigate those modes. If you didn't have such protocols in place then your workplace is already inherently unsafe and the status of the errant signal is irrelevant.
If Whipslash is reading this - one thing that would be a REALLY interesting addition to Slashdot would be to go find someone from the company to speak to these issues, if possible. Something of an immediate Q&A to either clear up the news or confirm that the situation is as crummy as it appears.
I don't think that/. will every be able to work like that. Compare/. with Ars. Ars actually employs genuine technical minded journalists and produce long form stories of their own. When appropriate they do reach out to all parties to get comment from both sides./. on th either hand is really just a news aggregator with a fancy commenting system. If anything it should be up to the producers of the original story to looking for comment.
You've now built a device with implicit trust between all of the components, and suddenly with a windows driver update, your device is now getting garbage data,
You seem to have a big problem with FTDI taking down your carefully crafted process because your trust of that company has been broken, yet you seem to have no issue with a applying random windows updates to your mission critical system without any form of testing. Strange that.
The desktop PC of a warehouse manager, a dumb throw-away "converter" PC that was simply stuck in a remote location to turn a serial device into a "network server", etc... People do ALL kinds of crap to engineer solutions for specific scenarios, often in small suppliers or companies too tiny to have good control processes or discipline.
Believe me I know this first hand as well and I do understand for point about cascading failures, as well as people doing weird things in factories. However if any one system such as this converter can cause a cascading failure to the point of injury or death, then you are already dealing with a house of cards full of safety vulnerabilities that you haven't accounted for. Your system isn't safe, its jus that you don't know it yet. With your experience you I expect that you know that safety isn't something you bolt on to an industrial process - it has to be designed in and has multiple redundancies.
If this suddenly and inobtrusively starts causing that measurement data to be misaligned in the output, those weight readings could be transmitted to shippers who may or may not re-weigh the product based on our volume.
Except that the injected appears to be a pretty egregious change in the data stream and not subtle at all
In the worst case scenario, something like this could be done as the last check-weight for loading an aircraft -- a weight-critical application where getting it wrong can cause a tail-strike on takeoff. . . . Pushing it by Windows Update, where no devs are involved to catch the error, is a recipe for potential disaster somewhere.
As I also implied: Windows + auto updates does not equal safe operating conditions in the first place. Especially if you are talking about things like aircraft.
Do you have auto updates enabled on any of the machinery that you use USB to serial converters on? If not, why not?
Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.
If a rogue USB to serial connector (on a windows box, with automatic updates no less) can endanger your workers, then your machinery wasn't safe in the first place.
Too late. That and variations on it have been tried in several countries -- so far with little success as far as changing outcomes is concerned.
From what I remember (and it may be urban legend as it has been a long while since I heard of it) some guy once registered a whole bunch of phone companies with names like "anyone", "the first one" etc. So that when people were wanting to be connected by the operator (this was way back when) and the operator asked them which long distance service to use the callers not caring who they were routed through replied with things like "anyone" etc so that their response matched one of these companies. The operator then duly connected them via the explicitly named company. The kicker was that it the back end he leased his service from the main players but charged a huge premium above what a regular long service would charge.
I was going say that why would I need iTunes Radio when I have Zombo com But sadly it is not online at the moment.
Welcome... to ZomboCom. This... is... ZomboCom. Welcome. This is ZomboCom; welcome... to ZomboCom. You can do anything at ZomboCom. Anything at all. The only limit is yourself.
Actually we're all living inside a giant spaceship, when you get on a plane that air they spray at you from the overhead bin puts you to sleep and they hypnotize you to think you were on vacation.
Back in the day on all international flights to Australia, when the plane landed in Oz the hosties would walk backwards through the plane spraying all the passengers with insecticide (well that's what they told us it was)
Teachers can teach that evolution was put into motion when Gil Gerard, star of the television series Buck Rogers in the 25th Century, used a time machine, went back and ejaculated into the primordial ooze.
Well given that I could never see Erin Gray putting out, what other choice did he have?
HR: Please complete your mandatory child pornography identification training before the end of the month Worker Bee: What?!?!?! Why do I have to do that? HR: Because if you don't complete your training and you encounter child pornography and don't report then you could be subject to prosecution WB: So I have to know what child pornography looks like, so that if I "accidentally" look at some image or video I will recognize it. HR: Yep WB: and if I don't? HR: There'll be other consequence. WB: Like what? HR: Well.. if you get prosecuted, then you might sue us because we hadn't given you the required training to meet the legal requirements of you job. HR: And we can only employ fully trained staff. HR: You do want to stay on staff don't you? HR: So it's a win-win for everyone if you do the training. WB: *sigh*.. OK.. what does this training consist of? HR: Looking at child pornography. WB: How the fuck is that even legal? HR: Don't worry, all your training will be given through an FBI approved course.
Getting a gun on board isn't really very useful any more.
But on second thoughts, while shooting up a single plane wouldn't do much, think about how much terrorism you could do by shooting up an airport - although you don't need to go through security to do that.
It happens, it does not make one irresponsible, maybe a bit too complacent, but not necessarily irresponsible.
I would argue that leaving a weapon such as a gun in an unsecured/uncontrolled location* and not knowing where that weapon is, is the epitome of being irresponsible.
*You may consider it safe while it was in his own home, but once he left that location and was out and about with no clue he was carrying a weapon - well that is a different story all together.
But so forgetful that you leave it in your carry-on accidentally?
If you think about that prior to getting to the airport that the carryon has been sitting around somewhere in their home for long enough that the owner forgot that there was a gun in it, then I'd say the problem extends well past "guns on planes".
To me these 2212 incidents are a clear indication that the bell curve does exist and does apply to the gun owner population - no matter how much pro-gun people speak of "responsible gun owners".
Slashdot Mirror
Forgot to mention, the Swinburne source material uses both "billionth" and "nm", however the Nature article only uses "nm"
Because apparently timothy thinks we're too stupid to understand 'nanometre'? ugh
Regardless of TIMMAY!!! TFA does use "billionth"
200nm thick graphene oxide lens
Highly efficient and ultra-broadband graphene oxide ultrathin lenses with three-dimensional subwavelength focusing
If an errant signal is sent, it could move the tool, start spinning the lathe or a host of other uncontrolled things unexpectedly . . . The unexpectedly part is the problem. If you expect something to not have power then all the sudden is does, you do not know you cannot treat it as if there is no power. If your tools are functioning properly, you know the state of the machines. It is not unsafe at all.
Working on live machinery is whole different kettle of fish and you acknowledge that there can be potential issues. As you are aware of the potential failure modes then you should have had safety protocols in place to cancel out or mitigate those modes. If you didn't have such protocols in place then your workplace is already inherently unsafe and the status of the errant signal is irrelevant.
If Whipslash is reading this - one thing that would be a REALLY interesting addition to Slashdot would be to go find someone from the company to speak to these issues, if possible. Something of an immediate Q&A to either clear up the news or confirm that the situation is as crummy as it appears.
I don't think that /. will every be able to work like that. Compare /. with Ars. Ars actually employs genuine technical minded journalists and produce long form stories of their own. When appropriate they do reach out to all parties to get comment from both sides. /. on th either hand is really just a news aggregator with a fancy commenting system. If anything it should be up to the producers of the original story to looking for comment.
You've now built a device with implicit trust between all of the components, and suddenly with a windows driver update, your device is now getting garbage data,
You seem to have a big problem with FTDI taking down your carefully crafted process because your trust of that company has been broken, yet you seem to have no issue with a applying random windows updates to your mission critical system without any form of testing. Strange that.
The desktop PC of a warehouse manager, a dumb throw-away "converter" PC that was simply stuck in a remote location to turn a serial device into a "network server", etc... People do ALL kinds of crap to engineer solutions for specific scenarios, often in small suppliers or companies too tiny to have good control processes or discipline.
Believe me I know this first hand as well and I do understand for point about cascading failures, as well as people doing weird things in factories. However if any one system such as this converter can cause a cascading failure to the point of injury or death, then you are already dealing with a house of cards full of safety vulnerabilities that you haven't accounted for. Your system isn't safe, its jus that you don't know it yet. With your experience you I expect that you know that safety isn't something you bolt on to an industrial process - it has to be designed in and has multiple redundancies.
If this suddenly and inobtrusively starts causing that measurement data to be misaligned in the output, those weight readings could be transmitted to shippers who may or may not re-weigh the product based on our volume.
Except that the injected appears to be a pretty egregious change in the data stream and not subtle at all
In the worst case scenario, something like this could be done as the last check-weight for loading an aircraft -- a weight-critical application where getting it wrong can cause a tail-strike on takeoff. . . . Pushing it by Windows Update, where no devs are involved to catch the error, is a recipe for potential disaster somewhere.
As I also implied: Windows + auto updates does not equal safe operating conditions in the first place. Especially if you are talking about things like aircraft.
Do you have auto updates enabled on any of the machinery that you use USB to serial converters on? If not, why not?
how many rs232 control protocols do you think use cryptographic authentication? can you name one?
What does that have to do with machine safety?
Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.
If a rogue USB to serial connector (on a windows box, with automatic updates no less) can endanger your workers, then your machinery wasn't safe in the first place.
Too late. That and variations on it have been tried in several countries -- so far with little success as far as changing outcomes is concerned.
From what I remember (and it may be urban legend as it has been a long while since I heard of it) some guy once registered a whole bunch of phone companies with names like "anyone", "the first one" etc. So that when people were wanting to be connected by the operator (this was way back when) and the operator asked them which long distance service to use the callers not caring who they were routed through replied with things like "anyone" etc so that their response matched one of these companies. The operator then duly connected them via the explicitly named company. The kicker was that it the back end he leased his service from the main players but charged a huge premium above what a regular long service would charge.
Who the fuck wrote this piece of shit revisionist ignorant blurb?
And his Hackaday shrill
I was going say that why would I need iTunes Radio when I have Zombo com But sadly it is not online at the moment.
Welcome ... to ZomboCom. This ... is ... ZomboCom. Welcome. This is ZomboCom; welcome ... to ZomboCom. You can do anything at ZomboCom. Anything at all. The only limit is yourself.
Could you get feedback from us "veterans" that have been reading /. for the past, year?
Polls on the side bar .. where they belong!
/. is up for sale, so anything that improves traffic is good for business.
But not necessarily good for reading
Updated with correct time zone (EST). Good catch.
Who are you and what did you do with the /. editors* ????
*And by editors I mean badly written Perl scripts that don't even have a spell check module installed.
Actually we're all living inside a giant spaceship, when you get on a plane that air they spray at you from the overhead bin puts you to sleep and they hypnotize you to think you were on vacation.
Back in the day on all international flights to Australia, when the plane landed in Oz the hosties would walk backwards through the plane spraying all the passengers with insecticide (well that's what they told us it was)
The title of "Next NASCAR" was claimed a while ago by the Rocket Racing League with their manned, rocket powered aircraft.
which doesn't seem to be doing much in the way of racing nowdays.
Teachers can teach that evolution was put into motion when Gil Gerard, star of the television series Buck Rogers in the 25th Century, used a time machine, went back and ejaculated into the primordial ooze.
Well given that I could never see Erin Gray putting out, what other choice did he have?
HR: Please complete your mandatory child pornography identification training before the end of the month .. if you get prosecuted, then you might sue us because we hadn't given you the required training to meet the legal requirements of you job. .. OK .. what does this training consist of?
Worker Bee: What?!?!?! Why do I have to do that?
HR: Because if you don't complete your training and you encounter child pornography and don't report then you could be subject to prosecution
WB: So I have to know what child pornography looks like, so that if I "accidentally" look at some image or video I will recognize it.
HR: Yep
WB: and if I don't?
HR: There'll be other consequence.
WB: Like what?
HR: Well
HR: And we can only employ fully trained staff.
HR: You do want to stay on staff don't you?
HR: So it's a win-win for everyone if you do the training.
WB: *sigh*
HR: Looking at child pornography.
WB: How the fuck is that even legal?
HR: Don't worry, all your training will be given through an FBI approved course.
There was no intent
Intent doesn't count for jack squat. Only actions count.
Getting a gun on board isn't really very useful any more.
But on second thoughts, while shooting up a single plane wouldn't do much, think about how much terrorism you could do by shooting up an airport - although you don't need to go through security to do that.
Found is the key word. And you guys don't have guns, the Swiss do.
LOL .. talk about uniformed. Sweden is in the top 10 countries of gun ownership per capita.
It happens, it does not make one irresponsible, maybe a bit too complacent, but not necessarily irresponsible.
I would argue that leaving a weapon such as a gun in an unsecured/uncontrolled location* and not knowing where that weapon is, is the epitome of being irresponsible.
*You may consider it safe while it was in his own home, but once he left that location and was out and about with no clue he was carrying a weapon - well that is a different story all together.
But so forgetful that you leave it in your carry-on accidentally?
If you think about that prior to getting to the airport that the carryon has been sitting around somewhere in their home for long enough that the owner forgot that there was a gun in it, then I'd say the problem extends well past "guns on planes".
To me these 2212 incidents are a clear indication that the bell curve does exist and does apply to the gun owner population - no matter how much pro-gun people speak of "responsible gun owners".