From the picture you can see their setup is flawed. The current sensor they are using can be inaccurate, but more importantly they are likely measuring power as current*voltage, which is only correct in AC for purely resistive loads. The switching power supplies in LED light bulbs, the ballasts in fluorescent lights or any inductive motor will cause this reading to be incorrect.
I didn't recognize any of the meters in the pictures. The big makers L+G, Itron, Elster and Senses go through an insane amount of testing and regulatory oversight. These are almost commodity items and the cost of a recall would wipe out tens of years of profit.
We do need smart meters. We need to have billing based on the cost of electricity production so that we can use things like wind and solar. I want people to use more energy when the wind blows or the sun shines and I want to avoid building and firing up peaker plants.
Lastly ask some former meter readers from Texas and the US south how much they miss being bitten by dogs and shot at while reading meters.
In any normal country the insurance industry would be fighting this. Insurance is insuring against risk. Without risk there is no insurance. If an insurance company knows 100% that you will die or cost them something, then they won't offer you insurance; but if they do offer you insurance, then you would be a fool to take it since you aren't going to need it.
I did security evaluations of Verifone devices many years ago. They had the only device I ever failed to breach. They seemed to be very detail oriented and careful. Their devices were also more expensive to make and better put together than their competitors'.
Many vendors put in a method to contact and troubleshoot their devices. Windows telemetry could be considered an example of this. For the average consumer (who doesn't even know what privacy is) this is almost always a good thing. Customer support can easily fix their device. Unfortunately, this is IoT so the security is going to be shit. It's not just a Chinese problem, it's the entire industry's attitude.
The killer to these projects is you have to recoup your cost before the system wears out while also covering maintenance costs. We do this on land, pumping water up hills, and it doesn't make economic sense. The systems require too much maintenance. In North America the ones that are already built are used as insurance. Utilities pay for the ability to draw several MW from these systems while they wait for a coal system to come online. Coal takes a while, while hydro is close to instant. The utilities pay for this insurance every month whether they use the electricity or not, and when they do use the electricity they pay in the multiple dollars per kWh. The system in the article will be charged with unwanted electricity, cost 0, but will sell the electricity only at peak and shoulder prices. It's not going to be viable.
A modern processor has many different parts and technologies in it. You might make a huge leap in one area - lithography, reducing internal resistance or gate switching time - but it won't increase your overall performance by very much because one of the other parts will then become the bottleneck.
The admin has a very powerful tool. It has almost no constraints on what it can do because 99% of the time we want that power. We are dealing with an uncommon, unexpected situation and need to be able to have the power to do something different. The exact correct command might be something that no one anticipated before. It would be very time consuming to come up with rules preventing such a command.
Also I don't think more warning messages or safety logic is always the answer. Maybe practicing more without the autopilot is the answer. Look at Air France 447.
Programming is about creating something that hasn't been created before. So a programmer has to be someone who can create something new. It is the interviewer's job to find out if the programmer can create something new so the interviewer asks a question they hope the programmer doesn't already know and observes how the programmer comes up with a solution.
Every interviewee should know ahead of time that this is the type of question they will get. The interviewer should also know why they are asking the question. The problem is that no one told these rock stars who are taking to Twitter this. (Maybe overuse of Twitter has a correlation with intelligence.) The other thing I see is interviewers who don't know why they are asking the question and how to evaluate the answer. However this isn't a problem, it is just a great big flashing warning not to work at the company.
A very large company I worked for had this for about 3 months and the reward was a percentage of the money you saved the company. It was well thought out and ideas were all considered. The first 3 winners were secretaries of senior management and all their ideas were ones that senior management should have already implemented. The program was then canceled and I think the secretaries got screwed out of the percentage they saved.
As a consumer, I can't measure the security of a webcam, toy or even a website before I buy/use it. If I live in the USA I can't even safely test it after I buy the product. There are 4 companies that have reputations that I would consider trusting their security and to get to four I had to include Microsoft.
So if you are not one of those four companies security will not gain you a single sale. Lack of it might burn you later but even that is unlikely.
We know shit security is a problem. I want to hear some viable solutions.
I don't see certifications for products catching on or being effective. Liability for the software developer would result in the lead developer being some guy in India with no assets to sue. Recall laws that say if your device is used in a DDoS attack you must upgrade it or replace it? What if I buy the device off the net from a company in China and China doesn't have such a law?
This still can be weaponized. Even if I only have two bit streams that start the same and then only differ in a block that I couldn't control I can still create malicious executables. Once I have the two streams that collide as long as the bits I add to both streams are identical the hashes will remain identical. I then have code after the differing block(s) that checks a value of a field in the differing blocks and behaves differently based on this value. I now have a good executable that is well behaved that I can submit to be signed by Microsoft or some other trusted company and a bad piece of software that has the same hash value. I take the valid signature from the good software and append it to the bad software and the signature remains valid.
A hash function takes an arbitrary string of bits and outputs a string of bits of a fixed length.
A CRC is an example of a hash function, and a long CRC would probably be good enough for Git or most repositories.
First pre-image resistance - this is a test of the one-wayness of the function. Given a hash value it is difficult to find a pre-image that hashes to that value. Given y, a string of bits of the hash output length, finding X such that h(X) = y is hard. MD5 and SHA-1 are still resilient against first pre-image attacks.
Second pre-image resistance - given a message X, finding a Y such that h(X) = h(Y) is difficult. MD5 and SHA-1 are still resilient against second pre-image attacks.
Collision resistance - it is hard to find two messages X and Y such that h(X) = h(Y). Note the attacker here is free to choose both X and Y. Both MD5 and SHA-1 are no longer collision resistant.
So far however the two messages X and Y have to be nearly identical. They have to start and end the same way, and the blocks that are changed actually have to be changed and tested together to make sure the hash function's internal state changes only in a specific way. I can't create a document that says the rent will be $3000 per month and another that says it will be $30000. (I might create one that says it is $3149.21 and the other $53210.63 per month; like in the PDF example, they played with a colour field.) Also, because of the way the internal state of the hash function changes, we now have a way of detecting if someone is feeding a "funny" stream of bits into our hash function, and can detect this attack with a very low probability of a false positive.
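The two comments above (the "good executable / bad executable with one signature" construction, and the point that the colliding blocks sit inside an otherwise identical prefix and suffix) both rest on the same property of Merkle-Damgard hashes: once two different blocks drive the internal state to the same value, any identical data appended afterwards keeps the digests identical. The following is an added example, not code from the original comments. It uses a hypothetical toy hash with a 24-bit state so an identical-prefix collision can be found by brute force in a few thousand compression calls; MD5 and SHA-1 need real cryptanalysis to find the blocks, but the consequences shown here follow from the same structure. The signing key, file layout and "behaviour" logic are all constructed for illustration.

```python
import hashlib
import struct

# Toy Merkle-Damgard hash (added example, hypothetical): 24-bit chaining state,
# 16-byte blocks, compression = truncated SHA-256 of state || block.
STATE_BYTES = 3
BLOCK_SIZE = 16


def compress(state: bytes, block: bytes) -> bytes:
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]


def absorb(state: bytes, data: bytes) -> bytes:
    """Run the compression function over whole blocks of data."""
    assert len(data) % BLOCK_SIZE == 0
    for i in range(0, len(data), BLOCK_SIZE):
        state = compress(state, data[i:i + BLOCK_SIZE])
    return state


def toy_md(msg: bytes) -> bytes:
    """MD-style padding (0x80, zeros, 64-bit length) then iterate the compressor."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % BLOCK_SIZE)
    padded += struct.pack(">Q", len(msg))
    return absorb(b"\x00" * STATE_BYTES, padded)


def find_colliding_blocks(prefix: bytes):
    """Identical-prefix collision: two distinct blocks leaving the same state after prefix.

    Birthday search over the 24-bit state; about 2^12 tries on average.
    """
    state = absorb(b"\x00" * STATE_BYTES, prefix)
    seen = {}
    counter = 0
    while True:
        block = struct.pack(">Q", counter) + b"\x00" * (BLOCK_SIZE - 8)
        out = compress(state, block)
        if out in seen:
            return seen[out], block
        seen[out] = block
        counter += 1


def build_pair(prefix: bytes, payload: bytes):
    """Return (benign, malicious) files that differ only in one block yet hash the same.

    The shared suffix carries the 'code' plus a copy of the benign block as the
    reference constant that the code compares against.
    """
    good_block, bad_block = find_colliding_blocks(prefix)
    suffix = payload + good_block
    return prefix + good_block + suffix, prefix + bad_block + suffix


def behaviour(exe: bytes, prefix_len: int) -> str:
    """Simulates the code after the differing block: branch on the block's value."""
    block = exe[prefix_len:prefix_len + BLOCK_SIZE]
    reference = exe[-BLOCK_SIZE:]
    return "benign" if block == reference else "malicious"


SIGNING_KEY = b"hypothetical-vendor-key"  # stands in for the trusted signer's key


def sign(exe: bytes) -> bytes:
    # The signer only ever signs toy_md(exe); a collision in the hash is a forgery.
    return hashlib.sha256(SIGNING_KEY + toy_md(exe)).digest()


def verify(exe: bytes, sig: bytes) -> bool:
    return hashlib.sha256(SIGNING_KEY + toy_md(exe)).digest() == sig


def demo() -> dict:
    # Constructed sample: a two-block header, then the colliding block, then shared logic.
    prefix = b"HEADER: harmless-looking program".ljust(2 * BLOCK_SIZE, b"\x00")
    good, bad = build_pair(prefix, b"LOGIC: if block != reference then run payload;")
    sig = sign(good)  # what the trusted signer hands back for the benign file
    return {
        "same_hash": toy_md(good) == toy_md(bad),
        "files_differ": good != bad,
        "good_behaviour": behaviour(good, len(prefix)),
        "bad_behaviour": behaviour(bad, len(prefix)),
        "signature_accepted_for_bad": verify(bad, sig),
    }


if __name__ == "__main__":
    print(demo())
```

The differing block is never inspected by the signer, only hashed, so the signature issued for the benign file verifies unchanged on the malicious one. The fix is the usual one: sign with a collision-resistant hash (SHA-256 or better), not a toy or a broken one.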
My doctor is just a very expensive diagnostics machine - not an overly great one. She's always diagnosing the same model; she now uses other machines to measure temperature, heart rate and blood pressure. If she needs to measure blood chemistry she sends me to another machine. She spends 60% of her time filling out paperwork and I can't read her writing.
The last humans working in the clinic are going to be the cleaning staff.
Except 99% of the work on the international space station is experiments in zero gravity. The ISS isn't very good for astronomy or taking any kind of cosmic readings and it's not a good platform for making earth observations either. We go to the ISS for zero G.
I'm frustrated by your generalization "That's true of every software proprietor"
The very large and very visible company that I work for works hard to make sure we stay on top of vulnerabilities. If my team discovers one in any product, nothing else in that product line goes out till the bug is fixed. Also I don't know of any back doors in our products or even any requests for back doors in our products. I do know of requests for back doors or underhanded feature requests that have gone into other companies' products, but I've quietly informed them of the true malicious intent of these requests and they have been removed.
I find it hard to believe good programmers who can easily find new jobs would ever put back doors in their products. Maybe the quality of the code is a good indication of whether or not something was allowed to be slipped in.
Initially this is going to be very expensive so only rich people will be able to use it for their children. Most rich people don't have genetic mutations they will pass on, they (and everyone else), will want taller, whiter, more athletic children, lighter coloured eyes, blonde hair, etc. Next we will figure out the genes for intelligence. In 15 years the very rich will be able to give these gifts to their children. In 40 years every Olympic medal will be won by one of these children. If you thought the rich had an advantage by sending their kids to better schools just imagine what this will do to inequality. (Although maybe we can hope that in 50 years this will lead to more intelligent and more compassionate politicians)
Where I work we make security and authentication tools. Half the western world uses our products to authenticate themselves. Our products shouldn't use JavaScript. I would prefer that everyone in the world browse the internet with JavaScript turned off by default. If you go to a site you trust then turn it on. Unfortunately my own company forces people to use JavaScript because it makes sites look shiny and modern and pages are more responsive (assuming you load 4MB of JavaScript bloat to a simple login page).
An extra 10% of utility might be worth $500 to me over the life of the phone. So if you offer me 2 phones that are 90% as good as the top Samsung phone for the same price as that Samsung I still will choose the Samsung.
Many young coders don't know that you can directly talk to an email server and have it deliver an email just using human readable commands over a TCP connection. HTTP and many of the older protocols work fine just using netcat.
The security implications these youngsters miss should keep everyone awake at night.
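The comment above says a mail server can be driven by typing human-readable commands over a TCP connection. Below is an added example (not from the original comments) that shows that exchange with both sides' lines: a minimal stand-in SMTP server on localhost, implemented in a thread purely so the example runs offline, and a client that sends the same HELO / MAIL FROM / RCPT TO / DATA / QUIT lines you would type into nc. The host names, addresses and message body are constructed for illustration. The server-side point the comment alludes to is visible in the code: without authentication, the envelope sender is whatever the client asserts it to be.

```python
import socket
import threading


def fake_smtp_server(ready: threading.Event, port_box: list, mailbox: list) -> None:
    """Hypothetical minimal MTA: just enough of the SMTP dialogue to accept one message."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, reported back via port_box
    srv.listen(1)
    port_box.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    rfile = conn.makefile("rb")
    conn.sendall(b"220 mail.example.test ESMTP fake\r\n")
    envelope = {"from": None, "to": [], "data": b""}
    while True:
        line = rfile.readline()
        if not line:
            break
        cmd = line.decode("ascii", "replace").rstrip("\r\n")
        verb = cmd.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            conn.sendall(b"250 mail.example.test\r\n")
        elif verb.startswith("MAIL"):
            # No authentication: the envelope sender is taken on the client's word.
            envelope["from"] = cmd.split(":", 1)[1].strip()
            conn.sendall(b"250 OK\r\n")
        elif verb.startswith("RCPT"):
            envelope["to"].append(cmd.split(":", 1)[1].strip())
            conn.sendall(b"250 OK\r\n")
        elif verb == "DATA":
            conn.sendall(b"354 End data with <CRLF>.<CRLF>\r\n")
            body = []
            while True:
                chunk = rfile.readline()
                if chunk in (b".\r\n", b""):
                    break
                body.append(chunk)
            envelope["data"] = b"".join(body)
            mailbox.append(dict(envelope))
            conn.sendall(b"250 OK queued\r\n")
        elif verb == "QUIT":
            conn.sendall(b"221 Bye\r\n")
            break
        else:
            conn.sendall(b"500 unrecognised command\r\n")
    conn.close()
    srv.close()


def send_by_hand(port: int, mail_from: str, rcpt_to: str, body: str) -> list:
    """Client side: the exact lines you would type into nc, with the server's replies."""
    sock = socket.create_connection(("127.0.0.1", port), timeout=5)
    rfile = sock.makefile("rb")
    transcript = [("S", rfile.readline().decode().rstrip())]

    def say(line: str) -> str:
        sock.sendall(line.encode("ascii") + b"\r\n")
        transcript.append(("C", line))
        reply = rfile.readline().decode().rstrip()
        transcript.append(("S", reply))
        return reply

    say("HELO laptop.example.test")
    say(f"MAIL FROM:<{mail_from}>")
    say(f"RCPT TO:<{rcpt_to}>")
    if say("DATA").startswith("354"):
        sock.sendall(body.replace("\n", "\r\n").encode() + b"\r\n.\r\n")
        transcript.append(("C", body + "\n."))
        transcript.append(("S", rfile.readline().decode().rstrip()))
    say("QUIT")
    sock.close()
    return transcript


def demo() -> dict:
    ready, port_box, mailbox = threading.Event(), [], []
    t = threading.Thread(target=fake_smtp_server, args=(ready, port_box, mailbox), daemon=True)
    t.start()
    ready.wait(5)
    # Constructed sample message; the From: header and MAIL FROM are simply asserted.
    transcript = send_by_hand(
        port_box[0], "alice@example.test", "bob@example.test",
        "From: Alice <alice@example.test>\nSubject: hello\n\nTyped by hand over TCP.")
    t.join(5)
    return {"transcript": transcript, "mailbox": mailbox}


if __name__ == "__main__":
    for side, line in demo()["transcript"]:
        print(side, line)
```

Run it and the printed transcript is the conversation the comment describes; a real MTA differs mainly in multi-line EHLO replies, dot-stuffing, and (one hopes) an AUTH requirement before MAIL FROM is believed.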
Here in Canada people can get stuck on welfare because taking a job will reduce their benefits by more than the job pays. If you also add in the fact that it costs something to go to work (transportation, clothing, less time to shop), then these people will find it impossible to get back into the work force.
As the driver system architect you have to:
Make sure all the existing drivers work
Work with every possible permutation of system - multi core, weird combinations of peripherals
Anticipate new possibilities even though you have no idea what those might be
Get it done by a deadline
No you don't get to go back and fix past mistakes, you don't get to create a new preference field, you have to work with something that is common to every existing driver. Kludge? It's ugly but I bet 99.9% of us couldn't have come up with something better and MS just didn't have the 0.1% guy available at the time.
...hey are calling the lack of attraction, repulsion...
They are not calling a lack of attraction a repulsion. They are specifically showing that this is not the case. They have mapped the velocities of objects and objects are moving from the Dipole Repeller to the Shapley Attractor but the velocities indicate that gravitational pull is not the only force in play. There might not be a force pushing objects away from the Dipole Repeller but objects are acting like they are being repelled. i.e. they are accelerating away from the Dipole Repeller.
We do know at very large distances (such as the ones here) that space is actually expanding. Two objects stationary relative to each other a million light years apart will see the space between them increase at about 25 km/s. As the objects get further apart, the rate at which the distance between them increases also increases. That is to say the objects would appear to be accelerating away from each other.
Space is expanding at about 25 km/s per million light years. That is to say, if two objects are a million light years apart, the space between them is expanding at 25 km/s.
Now it could be that mostly empty space expands faster than this or maybe there is some other thing that happens in mostly empty space. The point is that we see matter moving away from the "repeller" and it maps more closely to how you would see particles moving between poles of a magnet than just being attracted by one object.
There is a certain level of incompetence or willful malice in the use of NSL and secret rules. Even if you are in the FBI and you don't have a moral objection to spying on everyone without a warrant you must know that this behaviour is going to drive people to use end-to-end encryption and anonymizing networks. Many journalists are already doing this, soon most email will be end-to-end encrypted. Thank you NSA and FBI for ruining future law enforcement's ability to collect evidence.
The electric car motors are also for braking. I may never want to accelerate that fast but I want to know that I can decelerate that fast.