"M$ has made it OK to push anything out the door as long as you get there first. U.S no longer has a standard for high quality technology anywhere."
The scariest thing is that MS has lowered the educational bar, so to speak, to the point where people believe that they were finally innovative in the creation and/or spread of the cash before quality business plan...
I have set up a few historians for power plants that report back to corporate over a VLAN. I'm going to have to assume that you haven't visited those plants yet, as buffer overflows and similar exploits would not do you much good in trying to access much of anything. Typically in those setups there are three networks involved: The corporate VLAN, the plant LAN, and the systems LAN. Software on the plant LAN collects data (and also controls devices) and sends data across a line to the historian. The plant historian collects data and acts as an interface to send a subset of the data to the corporate historian. There are only two ports open through these firewalls. In order to even create a buffer overrun you would first need to kill the corporate historian and the secondary corporate historian after monitoring some data flow to see whats going across the wire. Ok, so now you need to write an app that sends data in a similar fashion as the historian, since the only communication going back down the wire to the plant is a series of acks and tagnames for which you want data. For completeness you restart the server and capture the opening few packets that are sent to it and the acks that go back, as the plant's historian interface only sends data when it knows the target corporate historian is up. Oh, and to give yourself more than 5 minutes to work on the sstem, you also monitor and duplicate all queries that are coming in to the historian, because several of those are tied to monitors that will start firing off SMS messages and such. You could just take down the mail servers, but that would be kind of noticeable. Ok, so you fire up your program and start trying to exploit the remote system by sending large acks, illegal arguments, whatever. We'll assume for the sake of argument that you have found some malformed argument that the interface won't choose to ignore. Maybe the interface crashes and restarts a few times, no big deal. Absolute worst case? You manage to crash it a few times. Your not going to get a magic shell prompt through this app, the capability does not exist for it to execute commands on the local box, and the only thing it is capable of doing is requesting tag data from the plant historian (in a seperate thread). Send it requests for 100 tags that don't exist? It will query the plant historian and throw them out. Send it requests for badly formed tagnames? They will never make it on the list used internally that it queries from the historian. The worst that happens to the plant historian is that it receives multiple connect requests from the interface (if your crashing the interface) or that it receives a bunch of bad tag requests. That interface cannot be crashed often enough to flood out the historian and bad tag requests happen all the time. The best you could do here is cut the information flow, which you could have done by getting inside the corporate LAN anyways.
They need but purchase a system, study the standard installations, code base and protocols and find the exploits.
You imply that there is a core set of systems that everyone is using. This is true, but only if you define "core set" as hundreds. I can think of 4 historians off the top of my head. Those historians can use any number of software interfaces to connect to more device specific software. For every device protocol there are at least 5-6 times as many software packages. Not to mention how many types of devices are out tere and how many protocol flavors there are, even of the non-proprietary open ones. What is your group of hackers going to do, download every single kepware driver and then start hacking corporate america, hacking historians, until it finds one of the multitude they offer? The system I dislike the most, Wonderware, has six modbus drivers available, plus the new DA servers. Not to count the previous versions that people could be running. Not to mention the fact that you could use one of the OPC interfaces (or third party software) and an OPC->Modbus interface.
I use Bitpim formy current Verizon/LG phone. Have another app that I use for the Nextel work phone. I think my two previous phones I didn't bother with apps and just dropped stuff on my webserver with a tiny menu and downloaded from there. Generally for every phone out there someone has figured out a way around any built-in protection. The thing that always pisses me off is that the phones are perfectly capable of being hooked up to a data cable, it's just that in many cases they are neutered (the nextel phone needed a nextel subnet in the hosts file and a specific web address with SSL that responded as if it was Nextel).
My second to last sprint phone was the one that annoyed me the worst. I was sold a data cable specifically because I planned on trying to write some small java apps for the phone. Then I found out that the data cable was just about useless and that I had to upload the program over the air every time I wanted to ty to run it. In fact it pissed me off enough that I ended up not even mesing with it.
In any case, there are a couple good sites out there that outline what you need for particular phone models/vendors. HowardForums is one I end up at quite frequently. Generally you will probably be able to find a forum or site specifically for your phone model or model family as well.
To anyone else that bothers to reply to this: Don't bother with it. It's part of a string of stories this poster post around the internet, hoping to get some semblance of attention. Hitting google I see this exact story has been posted multiple times on Slashdot, kuro5hin, digitalmob, etc.
He is likely just paid to keep posting the same story over and over again. Similar to the post about the female business owner who found open source more expensive. That one pops up fairly regularly too.
Unfortunatly this guy is not paid for imagination, so the story doesn't even change over time...
I was with you up until the career path portion. When I was in college we made fun of IT (and MIS for that matter). We were programers, aspiring software engineers. What I have since learned is that IT does not just cover the people that fix the hardware, install the software, maintain the network, etc. Currently our IT department consists of 4 or 5 first level people who do engage in those types of responsiblities. We also have our network admin, systems admin, database people, etc. However, we then have two fulltime developers who work on everything from software development to rapid reverse engineering on the legacy applications that have no documentation and a tendancy to break when a mouse sneezes down the road. Additionally we have two more developers that work strictly on the database and reporting side. Personally I consider what I do (most days) to be software engineering. Except that most of the time I have to be proect lead, developer, tester, etc all in one. But our in house software still has to work at 3-4 seperate companies in 7-8 locations, and we have a long way to go befoe those systems are homogenous. Thi isn't one-off, hackish, compile-it-on-the-customers-box software. Part of the beginning of the year will be spent adding French to several applications before they go overseas.
The point being, IT is not just fixing computers. When I decide to move on from this position I will be able to put half a dozen systems on my resume plus I will be able to say I integrated software with a dozen differant technologies. On top of that, there are positions up the ladder that have nothing to do with IT. The president of one of our companies used to be the director of IT. Our current director of IT is the guy I go to when I sit down to try and write something in Perl (I lose the mind set after a while), but he is also the guy that golfs with the president of the company we have our offices at (not the former It director either).
I don't know what your goals are in life, but if your eventual goal is to find a cubicle and spend 6 months working on 1/200th of a project, working your way up to a position were you can be project lead for 1/20th, good luck. Me, I'm going to design my own software for a while, in the hopes that that will lead me more quickly to my goals. I may not be writing the next ERP system, or rather 1/200th of the next ERP system, but I like being able to put my name on the design and testing of projects.
oh, and to bring it more in line with the article: I wear khakis most days or slacks. Never a t-shirt. Jeans on fridays for unofficial-jeans-on-friday day. My customers see me every day, and I definately agree with your thoughts on that.
I don't see how this would be differant than any of the other multitude of anti-spyware apps. Any one of them, during the time in their life when they were at the peak, could have done the same thing. In fact, maybe they did and thats why we all moved to the next best anti-spyware app.
Although according to our records it looks like you are still running your old anti-spyware software. But you don't need to upgrade. Also, it looks like your recycle bin is full again, you might want to empty it.
I think the legal source code ownership played a key role here. There is a big difference (relative big-ness is up for debate of course, or should be) between buying the source code and buying a product that utilizes the software. Same with people who earlier posted about trying to undo copy protection on CD's. In this case the company was supposed to legally own the source (or so I surmise) and therefore was trying to circumvent their own software. Now, whether they knew this was the case or believed they didn't legally own the software is of course a differant matter that probably could not easily be proven one way or the other.
Yes, because we all know that only MCSEs and Microsoft fanboys would ever care about a development tool on a Microsoft platform. Everyone else has freed themselves from the tyranny and evil that is Microsoft. Real geeks wouldn't touch their products with their cubemates yard stick, except maybe to push the LiveCD into the tray, and even then the yardstick would have to be ritually burned. It's a good thing we programmers determine exactly which servers a company will use and set all of the guidelines for the technology.
In other words, just because you feel that Windows and Windows-based software is a waste of time, doesn't mean that some of the rest of us are willing to treat programming as something other than a religion and take the time to examine other possibilities for a specific platform. But thank you for your input, it helps when I see a comment like yours first thing in the morning. It helps me keep perspective on my own dislikes, to remind me that even if I do have a Linux machine on my desk, I have not fanatically assumed that no good software could be written on another platform. Maybe that puts me further back in the line for the kool-aid, but I like to think it puts me closer to the real programmers who are interested less in the platform and more in what can be done with it.
Are you saying that all kids that are accelerated into physics burn out fast or that just plain all physicists operating at that level burn out fast?
My father is fairly recognized in the wave theory field, having been invited to talks all over, published quite a bit (really published, not just publish or perish pieces), gets Christmas cards from some notable people in the field, even has done something for the government (I dunno, it was two weeks or so that he can't talk about that he spent underground) and some other, stranger, invites. I am not a physicist so I couldn't tell you truly what level he is at in the food chain, but he seems to be near the top or middle-top of his particular field (wave theory, specifically soliton waves I think).
My point in all this is that I could see someone burning out if they hit it too early, but he (and many of his colleagues) just seem to keep going. He enjoys filling the board with mystical symbols as much as I enjoy filling it with programming constructs. I don't see him getting burned out on it. Sure he has the occasional phase of it, I think we all need the occasional break where we focus on something else for a while. Plus he puts a lot of energy into teaching (2 or 3 excellence awards for it this year), but I cannot believe he is the only physicist/mathematician (or really any scientist) that devotes this type of energy and time to his work and keeps on going.
So, like I said, I don't know what you consider best, but I know for a fact he has been doing this far longer than 5 years, as have colleagues of his in multiple parts of the world. And I know one example doesn't make a proof, and I do have a lot of respect and pride for him, but I can't believe that everyone else in his field gives up after such a short period of time.
In a way, Walmart has a guarantee too. It's called:
"If we found out some other retailer is getting a cheaper price on something from the same distributor/manufacturer, our purchasing price will drop below theirs retroactively"
Basically if you (as a manufacturer or distributor) want to do business with Walmart you have to sign a contract (standard operating procedure). That contract states that if you sell a product to another company for less than x cents more then what Walmart pays, Walmarts purchase price will retroactively drop to x cents below that purchase price, dated back to the first purchase by the other company at the reduced price. This is how they keep their prices down. If you want shelf space at Walmart, you sign the contract with that clause in there. So they do start with a lower price/part then their competitors. The best the competition can do to get a better deal is to buy something similar from a differant manufacturer, buy it at a more expensive price and charge the least possible markup, or buy it from some guy with a warehouse that is completely out of the normal supply chain.
Take it one step further. If a book can be copyrighted AND it's storyline patented, how long will it be before the MPAA gets some movie storylines pushed through? Quickly followed by patenting some portion of lyrics or a song by the RIAA?
Think how much worse off all this stuff will get when they start trying to hitpeople with copyright infringement AND some sort of trade secret clause or violation ofpatent, or some junk lie that. Sure it seems pretty out there, butthen everything that they have done in the last 5 years would have seemed way out there from the viewpoint of the mid-nineties.
Except for the fact that Microsoft is an international company and already deals with the more restrictive UK privacy laws. Honestly I think it is just a matter of consistency. Consider, right now they have to deal with 50 differant sets of laws whereas a set of federal laws would reduce that to one major set (for the USA that is). Lowering the complexity of the market is, in itself, good for Microsoft. If nothing else, thats almost all of one department of lawyers and interns that they will be able to free up in their budget:P
While I am usually the first (here at work anyways) to complain about IE's innumerable issues, it also is not really that difficult to make a standardized page that displays correctly in multiple browsers (including IE). There is the occasional extra line break that shouldn't be there, or an extremely minor difference that is only viewable when switching rapidly back and forth between browsers, but overall the simple layout you have chosen should easily be implementable in all major browsers...especially with the tables you have used for your layout.
I was going to post a quick fix until I actually saw more of the source. You do realize that about 20% of your CSS is just increasing the download time and just being overridden when you redefine the same attributes a few lines lower, right?
And it actually looks like you have, in several cases, used errors in Firefox rendering and are now complaining that IE didn't make the same errors.
And right now a co-worker is laughing at me for what he sees as a defense of IE.
Look, it's not hard to make a simple layout that works in all browsers. You attempted to over-complicate it, couldn't manage to hack it into working on multiple browsers, then gave up and simply made a stand against IE. My advice weould be to rewrite the layout from scratch. Dump the repetitve CSS, dump the tables, dump everything. Then from scratch build up the layout.
I know you don't seem to like the 4-layer approah, but you should check out Jinzora. Several of us have been setting up music servers at home recently based on that. Granted you still have the 4 layer issue, but the upside is that it is fairly easy to create custom playlists (and save them for later), the search bar will search on song info or even downloaded metadata (is there cover art on the iPod? with album descriptions? With band art? with band descriptions?), and you also have various types of lists built as you listen to music. i haven't used it long enough to know if it visibly keeps scores on everything, but it seems fairly solid already, so I wouldn't be surprised if this was in the future (if it'snot already in there). Also handles jukebox or streaming and I believe that podcasts are either just around the corner or somethng we overlooked (since none of us have an iPod but I was persuing the code). When I finally get time to set up my Myth box I fully plan on putting Jinzora on the backend server as well. one of my friends already has it setup and is a few parts away from integrating it into his house system. He's tying the RF remote in and basically will be routing the jukebox to the upstairs and outdoor receiver via optical, then tying in the other computers in the house simply by setting them up to stream. Ripping all his CD's in flac (it will auto-transcode for you).
My fiancee has an iPod, she hasn't seen this yet but I'm betting she'll like a central music server of losslessly recorded musc a lot betterthan the 20GB of music she can carry now...especially considering it has a web interface and you can configure your own key bnds forthe interface (which means that binding, say, an RF remote to the interface is going to be much much easier).
Anywas, completely OT but it was the first thing I thought when I read your post:) Oh, linky for easier access: http://www.jinzora.com/
* dislaimer: I am in no way affiliated with this product, except for having posted on a forum once about apiece of debug code they accidentally left in a release. So, like I said, not affiliated:P
Hmm, and I always thought those types of ads were just a bad sign about their management or HR deptartments. Maybe we should all start responding to them when we see them. If we all sent an email to ad's like that trying to correct their misunderstanding of what a proper payscale is, it would really screw up the "we don't get no responses" ratios that company was trying to prove:D
Oh, but we all know that if we had only had a legal subscription service earlier, there never would have been a need for people to create other systems. That niche would have been filled and we would all be paying for the legal subscription service.
And if Microsoft had managed to create an OS before the free BSD's or Linux then no one would ever...er, oh, wait...I guess that happened didn't it...
Look at all of the software on the market. There are always going to be other companies that will wan to create a similar product, developers who feel there are things missing and start writing their own, etc. I don't think a single thing would be differant if Napster had picked up subscription capabilities. Other alternatives would still have come up to replace missing fnctionality, etc. The only way I could possibly believe that Napster would have the last P2P application is if they had managed to convince every single user, deeloer, and business that the technology and idea could go no further, that it was useless, that it was a waste of time and money,...etc and so on. Basically it would be impossible to remove the desire for a better or differant product from the entire populace and the process of moving to a subscription model would likely have been treated exactly the same as what really happened.
I have DamnSmallLinux on mine. Uses about 120Mb and it runs in an emulator window (qemu, based on bochs) or can boot (provided the PC can boot off USB). That 120Mb contains the base image (~50Mb I think) and a virtual harddrive that i have since been adding to. Email, web, FTP, SSH, editors, Samba, wireless, the list is fairly long. Benn thinking about setting up point to point tunneling to my home server to extend it's usefullness even more...
So in a shorter description, what happens is that: 1) you determine how many groups of 8 you will need, rounding up to count the remainder block as well (if there is one) 2) code enters switch statement based on the remainder value, hits the correct case and falls through (note that if there was no remainder we start at the top of the cases and fall through, consuming an entire 8 block) 3) code hits the while, decrements the number of 8 blocks (as we just finished off the partial "remainder block") 4) return to do, fall through to finish this 8 group 5) loop back to 3
Took me a few minutes of staring at it (and I admit, some tme looking at above descriptions) to get over 4 years of no C in my diet, but now I have to admit that is beautiful.
Thank you for taking apart my post, you have added a great deal of value to this whole section. I added a "that I am aware of" simply because I am willing to admit that I don't know all of thesystems out there andthere may very well be a system that does the same thing and costs more. I seriously doubt it, but I was leaving it open.
The.Net SDK actually uses their communications protocol. In fact that previous-to-.Net SDK and API were in C. The applications they have are all either C with.Net front-ends or 100%.Net.
The PI suite is actually made up of a data historian, any of over 100 client interfaces that tie into various manufacturers hardware, and then a large number of client tools for people to view and manipulate data as well as numerous oter tools that act on the data (such as triggered applicaitons and such). The actual database and hardware interfaces are not.Net for efficiency and speed as well as because the database started in the 80's. The tools on the other side of the database (users tools, triggered apps, a couple layered apps that can run between the two, etc) can be in any language, provided they talk the protocol of the database (which is not open, thus the reason you have to use their SDK, API, and.Net SDK).
I'm not sure what applications your working with, but in our world it is not required that you move the backend database to a new language when you move a single front-end application to a new language (or develop a new product in a new language). Wonderware has.Net applicaitons on the market and in use already, they just have plans on moving more of their products that direction as a general directive, which is why I said they were in the process of the move.
I would love to see some manufacturing system tie-ins from python, it happens to be one of my favorite languages, however I doubt I will see it any time in the near future.
These systems aren't specific to the nuclear industry, the same company that owns the nuclear plant I mentioned also owns 19+ (my memory is hazy, think thats right) gas turbine plants. All of them ran combinations of software from the above technologies/companies as well as more (Honeywell, Rockwell, GE's stripped down PI server, WES on solaris, etc etc). Larger manufacturing companies (whether paper, power, tire, widget, whatever) can afford more expensive solutions or can build their own or have something they bought ten years ago and have been customizing, smaller companies generally pick cheaper packages. Some manufacturing companies even can pick packages specific to their smaller fields (like Mattec) that are more complete tools built to their specific needs in their market. Cost is never secondary, but is always a business analysis of cost vs risk. And no one said the cheaper tools were inferior. In the case of OSISoft's PI system compared to Wonderware you have a system that can handle recording 200,000 data points per second vs 50,000 (? May be wrong, this was off the benchmark from InSQL 8 SP3 notes I think, haven't looked at InSQL 9 yet). Plus OSI been at the top of a vertical market longer, while Wonderware is trying to catch up. So maybe the question isn't which is more stable, but which fits my business model better. Maybe PI has a feature I would like that Wonderware doesn't have, but the Wonderware price point fits better and I can live without the feature in question. (For the record, I like PI's historian better than InSQL, just making a point).
As far as your question, I don't know, what does the media do? I have yet to see anything, but is this because it wasn't newsworthy or because somehow not a single windows computer ever crashed in a nuclear power plant? Or maybe I just missed the headline that said "Windows computer crashed in power plant and, uh, well nothing happened". How often does it make the news when a manufacturing plant loses data monitoring for the EPA? Maybe when it gets past the fine-per-hour to the jail time point, but again, not a big deal (to the news thatis) unless their are massive explosions, leaks to the general population, etc.
And to answer your debate that you didn't want to go into, who in their right mind would use windows PC's to control a nuclear power plant and NOT plan for crashes? Actually, a better question is who would use any computer and not plan for unscheduled outages? And if 14 gas turbines can be outfitted to not do anything bad to the local power grid when the control PCs go down, who in their right mind would leave a Nuclear reactor unprotected when they are watched even more critically?
And, though I have seen a company control their lines directly from a computer, generally you have PLCs as an intermediary with their own programming to handle the lower level tasks and safeties (not to mention mechanical safeties that trigger equipment shutdowns and such). So while losing the PC or server to a blue screen is not a happy thing, it isn't an immediate need to evacuate the plant either.
Huh, ok, I wasn't aware of that:) Sorry, my work at the nuclear reactor was fairly limited, basically consisting of working on two small projects because the guy that would usually handle that one was already out of state on another one. He would probably be shaking his head at me right now:P I know some (general) stuff about the controls at that one strictly from having worked in close proximity to the equipment, but my actual nuclear knowledge is a little stunted (so many interesting subjects to read about, so little time....)
In the couple years I was at one plant I saw several leaks that made it to the systems room we worked in. They finally put in a chlorine detector (near the ceiling...uh, ok then) and then shortly before I left found out the filters that were supposed to be protecting us from the chlorine that was present damn near all the time hadn't been replaced in almost a decade... (Now that you mention it and I checked a little, I recall that the leak I mentioned above was H2S and I misquoted the ppm for killing nose, been a while since I took that test and I'm not in that industry anymore, the proper value looks like 300ppm to kill nasal receptors)
Granted, that location was only one example and it was probably the worst one I had seen out of the 5 or 6 I worked, but the fact that there is one in that tightly a regulated community still bothers me. Heck, I remember the first time I visited GP Savannah and how surprised I was when I got out of the car and couldn't smell anything paper-millish:P (they only pulped for recycling as well as being very newer).
It doesn't bother me as much to see a commodity OS on the process side, but maybe thats because I have only been in it for a few years, so it's becoming more the norm. My personal pet peeves are not being allowed to disconnect a process network from a business network, or at least limit it in such a way that there is only one physical connection in. The other one is the systems admins that keep trying to convince me that we need to install 2003 server on the newest box and refuses to listen to my reasoning on why to not adopt the newest bestest thing out (with only 3-4 soon to be released, sure to kill your apps, SPs to go).
How about OSISoft, creators of the largest, most expensive data historian (that I am aware of). They have several client apps and service-based things that are built in.Net. They have a.Net SDK. They don't write their historian or interfaces in.Net (at least they didn't a year ago). Everything on the control side is non-.Net, everything on the client side is moving to.Net.
How about Wonderware, another prevalent suite of process control and data tools. They are moving to.Net also, ad you can set your local plant up with this for under $100k (unlike PI which I think starts at $150k without client tools).
How about all of the.Net OPC tools out there? Many control system devices can talk OPC now (it's an open standard) and there are tons of tools that will collect data from them or allow read/write connections, many in.Net. Several OPC.Net SDKs are out there for sale to let you write your own.Net software that ties into your process data.
And yes, I know for a fact that the nuclear power plant about 20-30 miles from me has.Net software on their process network. Course, last time I was there they also still had windows NT boxes on the process side (they have since upgraded to 2000 though, they stay 3-4 years behind on purpose).
How about Mole? I have no clue what is running to actually collect the data (I did at one time, but it's been a while). It uses a SQL database as it's historian, so I would be incredibly surprised if someone wasn't developing or running some.Net apps that tied into it.
As far as fear of nuclear plants goes, I don't have much. My fear is paper plants. Especially old paper plants that run the entire process from wood chips to paper. I'll never forget almost being forgot in one of the control rooms the day before christmas when they were evacuating half the plant due to a chemical leak...I don't remember what it was now, except that it was insanely deadly, in extremely small doses (.5 ppm?) it would kill your nasal receptors in a few seconds, so while it wasn't odorless it wasn't exactly something you could smell either...not to mention that that same small dose was capable of killing, not just you, but the person that tried to save you (clothing, skin contact), etc. There wasa case at a paper plant in SC or georgia where 5 people were taken out. Two ambulances took two of them each, bythe time they gotto the hospital the medical personal were already showing symptoms. The 5th guy was taken by his boss who had followed some safety procedures (get rid of the clothes, wrap in another cloth, then go to the hospital) and they still had to replace the backseat of his car...
Lastly, it would take a lot more than a computer crash to take down a reactor in such a waythat it would go critical, somehow ignore the multitude of safeguards, etc. I'm not sure you could purposely cause tht to happen, as so many safeguards are engineered in (there is no "Make it go boom" button). On top of that, there is a significant difference between sending a set of commands to a specific device in it's manufacturers specific protocol for that device and sending a burst of gibberish. What you do lose is some of your monitoring. I don't know as much about the monitoring at nuclear plants as I didn't work on that part at all, but at standard turbine plants they have two systems, the computers in the control room (Windows, Solaris, VMS, whatever) and either whatever equipment is left form the 50's (analog (pneumatic?) equipment, yes it's still out there) or LCDs. Either way it runs completely seperate from the data control software and systems.
Slashdot Mirror
The scariest thing is that MS has lowered the educational bar, so to speak, to the point where people believe that they were finally innovative in the creation and/or spread of the cash before quality business plan...
Did this strike anyone else as funny?
I mean, the implication is that there is a shortage of kids for adoption, but...yeah.
In order to even create a buffer overrun you would first need to kill the corporate historian and the secondary corporate historian after monitoring some data flow to see whats going across the wire. Ok, so now you need to write an app that sends data in a similar fashion as the historian, since the only communication going back down the wire to the plant is a series of acks and tagnames for which you want data. For completeness you restart the server and capture the opening few packets that are sent to it and the acks that go back, as the plant's historian interface only sends data when it knows the target corporate historian is up. Oh, and to give yourself more than 5 minutes to work on the sstem, you also monitor and duplicate all queries that are coming in to the historian, because several of those are tied to monitors that will start firing off SMS messages and such. You could just take down the mail servers, but that would be kind of noticeable.
Ok, so you fire up your program and start trying to exploit the remote system by sending large acks, illegal arguments, whatever. We'll assume for the sake of argument that you have found some malformed argument that the interface won't choose to ignore. Maybe the interface crashes and restarts a few times, no big deal. Absolute worst case? You manage to crash it a few times. Your not going to get a magic shell prompt through this app, the capability does not exist for it to execute commands on the local box, and the only thing it is capable of doing is requesting tag data from the plant historian (in a seperate thread). Send it requests for 100 tags that don't exist? It will query the plant historian and throw them out. Send it requests for badly formed tagnames? They will never make it on the list used internally that it queries from the historian. The worst that happens to the plant historian is that it receives multiple connect requests from the interface (if your crashing the interface) or that it receives a bunch of bad tag requests. That interface cannot be crashed often enough to flood out the historian and bad tag requests happen all the time.
The best you could do here is cut the information flow, which you could have done by getting inside the corporate LAN anyways.
You imply that there is a core set of systems that everyone is using. This is true, but only if you define "core set" as hundreds. I can think of 4 historians off the top of my head. Those historians can use any number of software interfaces to connect to more device specific software. For every device protocol there are at least 5-6 times as many software packages. Not to mention how many types of devices are out tere and how many protocol flavors there are, even of the non-proprietary open ones. What is your group of hackers going to do, download every single kepware driver and then start hacking corporate america, hacking historians, until it finds one of the multitude they offer? The system I dislike the most, Wonderware, has six modbus drivers available, plus the new DA servers. Not to count the previous versions that people could be running. Not to mention the fact that you could use one of the OPC interfaces (or third party software) and an OPC->Modbus interface.
I use Bitpim formy current Verizon/LG phone. Have another app that I use for the Nextel work phone. I think my two previous phones I didn't bother with apps and just dropped stuff on my webserver with a tiny menu and downloaded from there.
Generally for every phone out there someone has figured out a way around any built-in protection. The thing that always pisses me off is that the phones are perfectly capable of being hooked up to a data cable, it's just that in many cases they are neutered (the nextel phone needed a nextel subnet in the hosts file and a specific web address with SSL that responded as if it was Nextel).
My second to last sprint phone was the one that annoyed me the worst. I was sold a data cable specifically because I planned on trying to write some small java apps for the phone. Then I found out that the data cable was just about useless and that I had to upload the program over the air every time I wanted to ty to run it. In fact it pissed me off enough that I ended up not even mesing with it.
In any case, there are a couple good sites out there that outline what you need for particular phone models/vendors. HowardForums is one I end up at quite frequently. Generally you will probably be able to find a forum or site specifically for your phone model or model family as well.
To anyone else that bothers to reply to this:
Don't bother with it. It's part of a string of stories this poster post around the internet, hoping to get some semblance of attention. Hitting google I see this exact story has been posted multiple times on Slashdot, kuro5hin, digitalmob, etc.
He is likely just paid to keep posting the same story over and over again. Similar to the post about the female business owner who found open source more expensive. That one pops up fairly regularly too.
Unfortunatly this guy is not paid for imagination, so the story doesn't even change over time...
I was with you up until the career path portion.
When I was in college we made fun of IT (and MIS for that matter). We were programers, aspiring software engineers. What I have since learned is that IT does not just cover the people that fix the hardware, install the software, maintain the network, etc. Currently our IT department consists of 4 or 5 first level people who do engage in those types of responsiblities. We also have our network admin, systems admin, database people, etc. However, we then have two fulltime developers who work on everything from software development to rapid reverse engineering on the legacy applications that have no documentation and a tendancy to break when a mouse sneezes down the road. Additionally we have two more developers that work strictly on the database and reporting side. Personally I consider what I do (most days) to be software engineering. Except that most of the time I have to be proect lead, developer, tester, etc all in one. But our in house software still has to work at 3-4 seperate companies in 7-8 locations, and we have a long way to go befoe those systems are homogenous. Thi isn't one-off, hackish, compile-it-on-the-customers-box software. Part of the beginning of the year will be spent adding French to several applications before they go overseas.
The point being, IT is not just fixing computers. When I decide to move on from this position I will be able to put half a dozen systems on my resume plus I will be able to say I integrated software with a dozen differant technologies. On top of that, there are positions up the ladder that have nothing to do with IT. The president of one of our companies used to be the director of IT. Our current director of IT is the guy I go to when I sit down to try and write something in Perl (I lose the mind set after a while), but he is also the guy that golfs with the president of the company we have our offices at (not the former It director either).
I don't know what your goals are in life, but if your eventual goal is to find a cubicle and spend 6 months working on 1/200th of a project, working your way up to a position were you can be project lead for 1/20th, good luck. Me, I'm going to design my own software for a while, in the hopes that that will lead me more quickly to my goals. I may not be writing the next ERP system, or rather 1/200th of the next ERP system, but I like being able to put my name on the design and testing of projects.
oh, and to bring it more in line with the article: I wear khakis most days or slacks. Never a t-shirt. Jeans on fridays for unofficial-jeans-on-friday day. My customers see me every day, and I definately agree with your thoughts on that.
I don't see how this would be differant than any of the other multitude of anti-spyware apps. Any one of them, during the time in their life when they were at the peak, could have done the same thing. In fact, maybe they did and thats why we all moved to the next best anti-spyware app.
Although according to our records it looks like you are still running your old anti-spyware software. But you don't need to upgrade. Also, it looks like your recycle bin is full again, you might want to empty it.
I think the legal source code ownership played a key role here. There is a big difference (relative big-ness is up for debate of course, or should be) between buying the source code and buying a product that utilizes the software. Same with people who earlier posted about trying to undo copy protection on CD's. In this case the company was supposed to legally own the source (or so I surmise) and therefore was trying to circumvent their own software. Now, whether they knew this was the case or believed they didn't legally own the software is of course a differant matter that probably could not easily be proven one way or the other.
Yes, because we all know that only MCSEs and Microsoft fanboys would ever care about a development tool on a Microsoft platform. Everyone else has freed themselves from the tyranny and evil that is Microsoft. Real geeks wouldn't touch their products with their cubemates yard stick, except maybe to push the LiveCD into the tray, and even then the yardstick would have to be ritually burned. It's a good thing we programmers determine exactly which servers a company will use and set all of the guidelines for the technology.
In other words, just because you feel that Windows and Windows-based software is a waste of time, doesn't mean that some of the rest of us are willing to treat programming as something other than a religion and take the time to examine other possibilities for a specific platform. But thank you for your input, it helps when I see a comment like yours first thing in the morning. It helps me keep perspective on my own dislikes, to remind me that even if I do have a Linux machine on my desk, I have not fanatically assumed that no good software could be written on another platform. Maybe that puts me further back in the line for the kool-aid, but I like to think it puts me closer to the real programmers who are interested less in the platform and more in what can be done with it.
Are you saying that all kids that are accelerated into physics burn out fast or that just plain all physicists operating at that level burn out fast?
My father is fairly recognized in the wave theory field, having been invited to talks all over, published quite a bit (really published, not just publish or perish pieces), gets Christmas cards from some notable people in the field, even has done something for the government (I dunno, it was two weeks or so that he can't talk about that he spent underground) and some other, stranger, invites. I am not a physicist so I couldn't tell you truly what level he is at in the food chain, but he seems to be near the top or middle-top of his particular field (wave theory, specifically soliton waves I think).
My point in all this is that I could see someone burning out if they hit it too early, but he (and many of his colleagues) just seem to keep going. He enjoys filling the board with mystical symbols as much as I enjoy filling it with programming constructs. I don't see him getting burned out on it. Sure he has the occasional phase of it, I think we all need the occasional break where we focus on something else for a while. Plus he puts a lot of energy into teaching (2 or 3 excellence awards for it this year), but I cannot believe he is the only physicist/mathematician (or really any scientist) that devotes this type of energy and time to his work and keeps on going.
So, like I said, I don't know what you consider best, but I know for a fact he has been doing this far longer than 5 years, as have colleagues of his in multiple parts of the world. And I know one example doesn't make a proof, and I do have a lot of respect and pride for him, but I can't believe that everyone else in his field gives up after such a short period of time.
In a way, Walmart has a guarantee too. It's called:
"If we found out some other retailer is getting a cheaper price on something from the same distributor/manufacturer, our purchasing price will drop below theirs retroactively"
Basically if you (as a manufacturer or distributor) want to do business with Walmart you have to sign a contract (standard operating procedure). That contract states that if you sell a product to another company for less than x cents more then what Walmart pays, Walmarts purchase price will retroactively drop to x cents below that purchase price, dated back to the first purchase by the other company at the reduced price.
This is how they keep their prices down. If you want shelf space at Walmart, you sign the contract with that clause in there. So they do start with a lower price/part then their competitors. The best the competition can do to get a better deal is to buy something similar from a differant manufacturer, buy it at a more expensive price and charge the least possible markup, or buy it from some guy with a warehouse that is completely out of the normal supply chain.
Take it one step further. If a book can be copyrighted AND it's storyline patented, how long will it be before the MPAA gets some movie storylines pushed through? Quickly followed by patenting some portion of lyrics or a song by the RIAA?
Think how much worse off all this stuff will get when they start trying to hitpeople with copyright infringement AND some sort of trade secret clause or violation ofpatent, or some junk lie that. Sure it seems pretty out there, butthen everything that they have done in the last 5 years would have seemed way out there from the viewpoint of the mid-nineties.
Except for the fact that Microsoft is an international company and already deals with the more restrictive UK privacy laws. Honestly I think it is just a matter of consistency. Consider, right now they have to deal with 50 differant sets of laws whereas a set of federal laws would reduce that to one major set (for the USA that is). Lowering the complexity of the market is, in itself, good for Microsoft. If nothing else, thats almost all of one department of lawyers and interns that they will be able to free up in their budget :P
While I am usually the first (here at work anyways) to complain about IE's innumerable issues, it also is not really that difficult to make a standardized page that displays correctly in multiple browsers (including IE).
There is the occasional extra line break that shouldn't be there, or an extremely minor difference that is only viewable when switching rapidly back and forth between browsers, but overall the simple layout you have chosen should easily be implementable in all major browsers...especially with the tables you have used for your layout.
I was going to post a quick fix until I actually saw more of the source. You do realize that about 20% of your CSS is just increasing the download time and just being overridden when you redefine the same attributes a few lines lower, right?
And it actually looks like you have, in several cases, used errors in Firefox rendering and are now complaining that IE didn't make the same errors.
And right now a co-worker is laughing at me for what he sees as a defense of IE.
Look, it's not hard to make a simple layout that works in all browsers. You attempted to over-complicate it, couldn't manage to hack it into working on multiple browsers, then gave up and simply made a stand against IE. My advice weould be to rewrite the layout from scratch. Dump the repetitve CSS, dump the tables, dump everything. Then from scratch build up the layout.
I know you don't seem to like the 4-layer approah, but you should check out Jinzora. Several of us have been setting up music servers at home recently based on that. Granted you still have the 4 layer issue, but the upside is that it is fairly easy to create custom playlists (and save them for later), the search bar will search on song info or even downloaded metadata (is there cover art on the iPod? with album descriptions? With band art? with band descriptions?), and you also have various types of lists built as you listen to music. i haven't used it long enough to know if it visibly keeps scores on everything, but it seems fairly solid already, so I wouldn't be surprised if this was in the future (if it'snot already in there).
:)
:P
Also handles jukebox or streaming and I believe that podcasts are either just around the corner or somethng we overlooked (since none of us have an iPod but I was persuing the code).
When I finally get time to set up my Myth box I fully plan on putting Jinzora on the backend server as well. one of my friends already has it setup and is a few parts away from integrating it into his house system. He's tying the RF remote in and basically will be routing the jukebox to the upstairs and outdoor receiver via optical, then tying in the other computers in the house simply by setting them up to stream. Ripping all his CD's in flac (it will auto-transcode for you).
My fiancee has an iPod, she hasn't seen this yet but I'm betting she'll like a central music server of losslessly recorded musc a lot betterthan the 20GB of music she can carry now...especially considering it has a web interface and you can configure your own key bnds forthe interface (which means that binding, say, an RF remote to the interface is going to be much much easier).
Anywas, completely OT but it was the first thing I thought when I read your post
Oh, linky for easier access: http://www.jinzora.com/
* dislaimer: I am in no way affiliated with this product, except for having posted on a forum once about apiece of debug code they accidentally left in a release. So, like I said, not affiliated
Hmm, and I always thought those types of ads were just a bad sign about their management or HR deptartments. Maybe we should all start responding to them when we see them. If we all sent an email to ad's like that trying to correct their misunderstanding of what a proper payscale is, it would really screw up the "we don't get no responses" ratios that company was trying to prove :D
Oh, but we all know that if we had only had a legal subscription service earlier, there never would have been a need for people to create other systems. That niche would have been filled and we would all be paying for the legal subscription service.
...etc and so on. Basically it would be impossible to remove the desire for a better or differant product from the entire populace and the process of moving to a subscription model would likely have been treated exactly the same as what really happened.
And if Microsoft had managed to create an OS before the free BSD's or Linux then no one would ever...er, oh, wait...I guess that happened didn't it...
Look at all of the software on the market. There are always going to be other companies that will wan to create a similar product, developers who feel there are things missing and start writing their own, etc. I don't think a single thing would be differant if Napster had picked up subscription capabilities. Other alternatives would still have come up to replace missing fnctionality, etc. The only way I could possibly believe that Napster would have the last P2P application is if they had managed to convince every single user, deeloer, and business that the technology and idea could go no further, that it was useless, that it was a waste of time and money,
I have DamnSmallLinux on mine. Uses about 120Mb and it runs in an emulator window (qemu, based on bochs) or can boot (provided the PC can boot off USB). That 120Mb contains the base image (~50Mb I think) and a virtual harddrive that i have since been adding to. Email, web, FTP, SSH, editors, Samba, wireless, the list is fairly long. Benn thinking about setting up point to point tunneling to my home server to extend it's usefullness even more...
So in a shorter description, what happens is that:
1) you determine how many groups of 8 you will need, rounding up to count the remainder block as well (if there is one)
2) code enters switch statement based on the remainder value, hits the correct case and falls through (note that if there was no remainder we start at the top of the cases and fall through, consuming an entire 8 block)
3) code hits the while, decrements the number of 8 blocks (as we just finished off the partial "remainder block")
4) return to do, fall through to finish this 8 group
5) loop back to 3
Took me a few minutes of staring at it (and I admit, some tme looking at above descriptions) to get over 4 years of no C in my diet, but now I have to admit that is beautiful.
Sorry, I want to respond but I can't stop laughing...
Thank you for taking apart my post, you have added a great deal of value to this whole section.
.Net SDK actually uses their communications protocol. In fact that previous-to-.Net SDK and API were in C. The applications they have are all either C with .Net front-ends or 100% .Net.
.Net for efficiency and speed as well as because the database started in the 80's. The tools on the other side of the database (users tools, triggered apps, a couple layered apps that can run between the two, etc) can be in any language, provided they talk the protocol of the database (which is not open, thus the reason you have to use their SDK, API, and .Net SDK).
.Net applicaitons on the market and in use already, they just have plans on moving more of their products that direction as a general directive, which is why I said they were in the process of the move.
I added a "that I am aware of" simply because I am willing to admit that I don't know all of thesystems out there andthere may very well be a system that does the same thing and costs more. I seriously doubt it, but I was leaving it open.
The
The PI suite is actually made up of a data historian, any of over 100 client interfaces that tie into various manufacturers hardware, and then a large number of client tools for people to view and manipulate data as well as numerous oter tools that act on the data (such as triggered applicaitons and such). The actual database and hardware interfaces are not
I'm not sure what applications your working with, but in our world it is not required that you move the backend database to a new language when you move a single front-end application to a new language (or develop a new product in a new language). Wonderware has
I would love to see some manufacturing system tie-ins from python, it happens to be one of my favorite languages, however I doubt I will see it any time in the near future.
These systems aren't specific to the nuclear industry, the same company that owns the nuclear plant I mentioned also owns 19+ (my memory is hazy, think thats right) gas turbine plants. All of them ran combinations of software from the above technologies/companies as well as more (Honeywell, Rockwell, GE's stripped down PI server, WES on solaris, etc etc).
Larger manufacturing companies (whether paper, power, tire, widget, whatever) can afford more expensive solutions or can build their own or have something they bought ten years ago and have been customizing, smaller companies generally pick cheaper packages. Some manufacturing companies even can pick packages specific to their smaller fields (like Mattec) that are more complete tools built to their specific needs in their market. Cost is never secondary, but is always a business analysis of cost vs risk. And no one said the cheaper tools were inferior. In the case of OSISoft's PI system compared to Wonderware you have a system that can handle recording 200,000 data points per second vs 50,000 (? May be wrong, this was off the benchmark from InSQL 8 SP3 notes I think, haven't looked at InSQL 9 yet). Plus OSI been at the top of a vertical market longer, while Wonderware is trying to catch up. So maybe the question isn't which is more stable, but which fits my business model better. Maybe PI has a feature I would like that Wonderware doesn't have, but the Wonderware price point fits better and I can live without the feature in question. (For the record, I like PI's historian better than InSQL, just making a point).
As far as your question, I don't know, what does the media do? I have yet to see anything, but is this because it wasn't newsworthy or because somehow not a single windows computer ever crashed in a nuclear power plant? Or maybe I just missed the headline that said "Windows computer crashed in power plant and, uh, well nothing happened". How often does it make the news when a manufacturing plant loses data monitoring for the EPA? Maybe when it gets past the fine-per-hour to the jail time point, but again, not a big deal (to the news thatis) unless their are massive explosions, leaks to the general population, etc.
And to answer your debate that you didn't want to go into, who in their right mind would use windows PC's to control a nuclear power plant and NOT plan for crashes? Actually, a better question is who would use any computer and not plan for unscheduled outages? And if 14 gas turbines can be outfitted to not do anything bad to the local power grid when the control PCs go down, who in their right mind would leave a Nuclear reactor unprotected when they are watched even more critically?
And, though I have seen a company control their lines directly from a computer, generally you have PLCs as an intermediary with their own programming to handle the lower level tasks and safeties (not to mention mechanical safeties that trigger equipment shutdowns and such). So while losing the PC or server to a blue screen is not a happy thing, it isn't an immediate need to evacuate the plant either.
Huh, ok, I wasn't aware of that :) :P
Sorry, my work at the nuclear reactor was fairly limited, basically consisting of working on two small projects because the guy that would usually handle that one was already out of state on another one. He would probably be shaking his head at me right now
I know some (general) stuff about the controls at that one strictly from having worked in close proximity to the equipment, but my actual nuclear knowledge is a little stunted (so many interesting subjects to read about, so little time....)
In the couple years I was at one plant I saw several leaks that made it to the systems room we worked in. They finally put in a chlorine detector (near the ceiling...uh, ok then) and then shortly before I left found out the filters that were supposed to be protecting us from the chlorine that was present damn near all the time hadn't been replaced in almost a decade...
:P (they only pulped for recycling as well as being very newer).
(Now that you mention it and I checked a little, I recall that the leak I mentioned above was H2S and I misquoted the ppm for killing nose, been a while since I took that test and I'm not in that industry anymore, the proper value looks like 300ppm to kill nasal receptors)
Granted, that location was only one example and it was probably the worst one I had seen out of the 5 or 6 I worked, but the fact that there is one in that tightly a regulated community still bothers me. Heck, I remember the first time I visited GP Savannah and how surprised I was when I got out of the car and couldn't smell anything paper-millish
It doesn't bother me as much to see a commodity OS on the process side, but maybe thats because I have only been in it for a few years, so it's becoming more the norm. My personal pet peeves are not being allowed to disconnect a process network from a business network, or at least limit it in such a way that there is only one physical connection in. The other one is the systems admins that keep trying to convince me that we need to install 2003 server on the newest box and refuses to listen to my reasoning on why to not adopt the newest bestest thing out (with only 3-4 soon to be released, sure to kill your apps, SPs to go).
How about OSISoft, creators of the largest, most expensive data historian (that I am aware of). They have several client apps and service-based things that are built in .Net. They have a .Net SDK. They don't write their historian or interfaces in .Net (at least they didn't a year ago). Everything on the control side is non-.Net, everything on the client side is moving to .Net.
.Net also, ad you can set your local plant up with this for under $100k (unlike PI which I think starts at $150k without client tools).
.Net OPC tools out there? Many control system devices can talk OPC now (it's an open standard) and there are tons of tools that will collect data from them or allow read/write connections, many in .Net. Several OPC .Net SDKs are out there for sale to let you write your own .Net software that ties into your process data.
.Net software on their process network. Course, last time I was there they also still had windows NT boxes on the process side (they have since upgraded to 2000 though, they stay 3-4 years behind on purpose).
.Net apps that tied into it.
:P
How about Wonderware, another prevalent suite of process control and data tools. They are moving to
How about all of the
And yes, I know for a fact that the nuclear power plant about 20-30 miles from me has
How about Mole? I have no clue what is running to actually collect the data (I did at one time, but it's been a while). It uses a SQL database as it's historian, so I would be incredibly surprised if someone wasn't developing or running some
As far as fear of nuclear plants goes, I don't have much. My fear is paper plants. Especially old paper plants that run the entire process from wood chips to paper. I'll never forget almost being forgot in one of the control rooms the day before christmas when they were evacuating half the plant due to a chemical leak...I don't remember what it was now, except that it was insanely deadly, in extremely small doses (.5 ppm?) it would kill your nasal receptors in a few seconds, so while it wasn't odorless it wasn't exactly something you could smell either...not to mention that that same small dose was capable of killing, not just you, but the person that tried to save you (clothing, skin contact), etc. There wasa case at a paper plant in SC or georgia where 5 people were taken out. Two ambulances took two of them each, bythe time they gotto the hospital the medical personal were already showing symptoms. The 5th guy was taken by his boss who had followed some safety procedures (get rid of the clothes, wrap in another cloth, then go to the hospital) and they still had to replace the backseat of his car...
Lastly, it would take a lot more than a computer crash to take down a reactor in such a waythat it would go critical, somehow ignore the multitude of safeguards, etc. I'm not sure you could purposely cause tht to happen, as so many safeguards are engineered in (there is no "Make it go boom" button). On top of that, there is a significant difference between sending a set of commands to a specific device in it's manufacturers specific protocol for that device and sending a burst of gibberish. What you do lose is some of your monitoring. I don't know as much about the monitoring at nuclear plants as I didn't work on that part at all, but at standard turbine plants they have two systems, the computers in the control room (Windows, Solaris, VMS, whatever) and either whatever equipment is left form the 50's (analog (pneumatic?) equipment, yes it's still out there) or LCDs. Either way it runs completely seperate from the data control software and systems.
Sorry for the extra ramble