Slashdot Mirror


User: vlm

vlm's activity in the archive.

Stories
0
Comments
8,750
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,750

  1. Re:Why drill all those holes? on Can Open Source Hardware Feed the World? · · Score: 1

    Welding joints are harder to repair.

    And harder to reuse the parts in another project once you're permanently done with the gadget.

    Cutting steel to a smooth burr free perfectly square exact dimension is a lot harder and/or more expensive than drilling a buncha holes.

  2. Re:Grid-Beam on Can Open Source Hardware Feed the World? · · Score: 1

    I've been thinking about how to build an automated rig to drill the tubing. It would use up drills and cutting fluid, but maybe it would be possible to drive the price down.

    The thing to google for is "CNC milling machine". I have a (small) one in my basement. Its a load of fun and can do a whole heck of a lot more than drilling holes.

    Also high quality steel tools in aluminum basically never wear out. Maybe in a high speed production setting... And cutting fluid is usually captured in a sump, filtered, and reused. Its an unholy mess so I don't use cutting fluid. Doesn't matter if you work slowly, and seeing as its automated and I have no capital loan to pay off...

    You'll find dimensional uniformity is going to be the challenge. Grab four random pieces of 80/20 or whatever, will any random integer number of holes have equal spacing on all four bars? Dimensional uniformity, and elegant surface finish for the artsy architecture crowd, is where all the money goes.

    80/20 is a commercial version of your grid beamer concept, the website is hilarious, guys making $20 walmart bookshelves using $250 of 80/20 parts...

  3. Re:Their business, their rules. on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 1

    But I can't imagine any decent business being run while allowing any employee to run any server they want behind their firewalls without at least some oversight.

    How bout being a radiologist at a hospital, and the head of the radiology dept buys a GE MRI machine and tells the IT dept, "there is the ethernet jack, now give it access and get out of the way". Ditto the cancer radiotherapy particle accelerator, the FDA and NRC required dosimeter monitoring system, etc.

    After that works beautifully a couple zillion times, radiologist gets the idea of a calendar server... Its not that far of a stretch to go from "the MRI has an integrated FTP server" to "calendar / FTP / whatever..."

    I can't believe I'm the only guy on /. who has worked for decades ONLY at places that all coincidentally have "engineering networks" "production networks" all of which are full of special weird technology and are absolutely IT-hands off. IT is for replacing gummed up mice, installing MS Office, pulling cat-5 cable, and "reghosting" a PC when it gets a virus... not reconfiguring SCADA networks, programming automated 200 foot long printing presses, fiddling with the automated tape robot kinematics subroutines, applying software upgrades to megawatt class diesel generator engine controller / monitor systems, or screwing around with customer data. At one ISP, we had one IT team that ran our internal mail server, and another totally separate team running a email infrastructure that was literally about 1000 times bigger for customers and neither was ever allowed to touch each others separate infrastructures. I.T. guys know what a cat-5 ethernet is... not a OC-192 sonet ring full of customer traffic...

    Seriously, are there are "technical" places where "I.T." guys have full control of the motor pool's engine computers, and the fleet mechanics are fired if they touch a ODB-II code scanner, only IT guys are permitted to clear engine fault codes? How about a development site, do I.T. guys get full root access to the FPGA based routing products that are currently being developed by engineering, during the development process?

    At the places I've worked, the "I.T." guys have been very happy to have a clearly defined written demarc point of supplying generic office computing resources and not one step further.

  4. Re:Obvious question from their perspective on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 1

    Why does a server that is not owned or managed by the IT department exist inside the firewall?

    In my workplace that's a sacking offence.

    You guys don't have modern ethernet connected xray machines, or modern MRI machines? You've gotta be even crazier to give the average off the shelf techie root access to a FDA regulated nuclear physics control system... Some idiot trying to upgrade the virus scanner on the xray machine could quite literally kill a patient or quench a MRI magnet (big $$$ mistake but usually doesn't hurt anyone directly).

  5. Re:I dunno on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 1

    But instead of asking "should I give IT a login account on a server that is not owned or managed by them?" perhaps you should ask "should I give IT a login account on a server that is on their network?"

    It becomes a lot less clear in that formulation, huh?

    This is a radiology department, not a generic paper shuffling department. Should random IT dudes get an account to remotely aim the xray machine, or activate the particle accelerator? As if a random IT guy could even work "around" a MRI without somehow killing themselves or a patient by using ferromagnetic tools... Most places I've worked have always had "production" money generating devices that happen to have ethernet ports. They live on their own distinct network with their own support people, with a clearly defined demarcation point, although we sponge off the building's electricity and internet access. Really they should buy their own inet connectivity and be done with it, but someone at corporate always demands the entire buildings inet access flow thru the same single point of failure firewall, so we gotta share and cooperate...

    Random IT dude should not be able to log in to or otherwise F around with FDA regulated nuclear physics treatment devices. On the other hand a calendar program is kind of pushing the limits of what belongs on the isolated production network. Maybe if the calendar program were directly integrated with the control system of the xray machine, somehow...

  6. Link to pics? on Hacker Claims He Broke Into Wind Turbine Systems · · Score: 1

    Anyone got a link to the actual pics that the article merely talks about? Would be hilarious if he's trying to pass off vendor instruction / tech manual screen shots as his "proof".

    The guy could have caused a heck of a lot more disruption if he knew he was going to be canned and collected his screenshots first... You can imagine the extremely expensive chaos if he later publishes screenshots of a system that in fact cannot be remotely broken into. Millions of dollars spent trying to figure out how he got in, when he never did. The comedy might come later when they discover its actually wide open after all. Would that be considered ironic in the real sense, or only in the angsty music sense?

    Another question is what does a typical SCADA do at a windmill? Can anything really bad happen? I'm guessing the inputs will be RPM, transmission oil temp, windspeed.... maybe temperature to detect icing conditions (err does it ever freeze in FL?) ... maybe some vague vibration sensor thingy to detect damage... The outputs at a windmill SCADA are maybe AoA of the blades if they're dumb enough to control that remotely instead of internal to the control system, and probably a braking system to shut er down remotely. What I'm getting at, is theres not too much possibility of damage here, compared to a refinery SCADA or ... pretty much any other SCADA installation I have heard of (in strong contrast to the ones I've actually worked with, that are pretty harmless). I guess worst case scenario is you could Possibly theoretically thru horrible system design allow someone to remotely reprogram the automatic blade feathering speed and next time a hurricane blows thru the blades could fly off, although that'll be blamed as an act of god rather than hack. Why you'd allow someone to remotely reprogram something like that is mystifying, sounds like engineering malpractice at the design phase to me.

    I'm sure there's plenty of fear mongering, like the SCADA could program the onsite R2D2 droid to use its arm to unscrew the bolts holding the blade to the hub, and BS like that, but is there actually any possibility of damage? I'm guessing no.

    Finally, not to violate any NDAs, but at one of the many telecom operations I worked for, we had a very elaborate and expensive SCADA system that was almost purely read only... Thousands of channels of read only data... temperature of all kinds of communications gear, humidity to detect rain leaks, nitrogen system pressure, essentially the worlds most expensive monitored door security system, voltage of pretty much anything that generates a voltage either for power or communications monitoring, alarm connections on all gear that has alarm relay outputs... If someone broke into that SCADA hoping to "blow up the phone company" they would probably be very pissed off that the only remotely controllable output was an indicator light (to be used as a morse code order wire if all else failed, also we periodically blinked those lights so the remote site techs knew if they saw it blink once in a while, the SCADA system was up, and of course the light shared the SCADAs power system to prove it even had power). I guess it could be considered confidential secret knowledge that relay rack #7 is running about 82 degrees F at this moment, if nothing else you now know we have at least 7 racks on site... but its not exactly going to destroy the world if anyone finds out it exists or that its 82 as opposed to 81 or 83 degrees. I'm guessing a windmill is equally hands off, there's just not that many knobs and levers to be controlled in person, much less remotely.

  7. Re:Brilliant! on Armenia Makes Chess Compulsory In Schools · · Score: 1

    I can't help but wonder, what will they achieve by being a chess superpower?

    Probably a heck of a lot more than being a soccer or american football superpower. Although greater than zero is not exactly a heroic achievement.

  8. Re:Brilliant! on Armenia Makes Chess Compulsory In Schools · · Score: 2

    A mass-produced chessboard with a set of pieces is like $0.30 imported in bulk from China.

    On a rainy vacation day I played a couple chess games using a single sheet of paper, and a pile of rocks. As you'll probably guess, the two lighter colored rocks with "B" markered on them are the white bishops, etc. Checkers and Go sets are even easier to make.

    Which is why this will NEVER be allowed in the USA... no way for the educational-industrial complex to make money.

  9. Re:well no shit. on How the Social Tech Bubble Is Different · · Score: 1

    paid very badly

    Paid a heck of a lot better than migrant farm worker, miner, sailor, or pretty much anything else at their level of educational and economic sophistication. Its very telling that manufacturing, in general, rarely if ever had to rely on prison labor or slavery, unlike, say, agriculture.

    As in all fields, there is a range of pay and working conditions. At one side, the guys just above the level of sweeping with brooms, whom get paid just a little more than a typical broom pusher... And at the other end of pay and working conditions, there are the aerospace tool and die machinists, the millwrights, the CNC repair technicians... And upward mobility was generally much more available than today.

  10. School cheating on Apple Wants To Store Your History In the Cloud · · Score: 1

    find what material was available at a previous time, and recover any or all of what once was there without having to use a separate recovery program

    I bet teachers will request / demand access to catch people whom commit academic dishonesty, then doctor the assignment or paper up to foil simple search detection.

    For example, if someone stole my line above, and then claimed this as their own writing:

    "In the I-enabled internet future, teachers will request or demand access to catch people whom commit academic dishonesty, then doctor the assignment or paper up to prevent simple search detection."

    Because I added and changed a couple words, the copier would probably not be caught. But if the professor had access to the earlier version and googled for it, they'd find my original post, and see how pitifully little work I did to doctor up the copy.

    I suppose if they take all the "whom"s out of my posts they should deserve an "A" anyway, but still, I'm trying to make the general point here...

  11. Re:Direct link on White House Releases Trusted Internet ID Plan · · Score: 1

    What part of that don't you understand?

    What they're plotting will not work for various basic computer science and security fundamental reasons, over extremely well trodden ground where success despite those odds would be staggeringly profitable and implementation would seem to be simple and cheap, thus extraordinary ROI, if it were only possible. Its the waste of time and money and/or security theater aspect that I don't understand or find very useful.

    Its "the internet" so people just nod their heads and defer to the experts. If it were an industry with a little less snake oil and had quotes like this, people would, correctly, just laugh:

    'the U.S. government will coordinate private-sector efforts to create a system than violates the third law of thermodynamics for the electric power companies

  12. Re:Sadly, I trust Verified by Visa more on White House Releases Trusted Internet ID Plan · · Score: 2, Insightful

    I trust VISA and my bank more than I trust my government.

    In a corporatocracy or fascistic capitalist system like ours, those two have merged together. Like saying you trust your right hand more than your left hand, or your political party is more trustworthy than the other political party, or like saying the fry cook is a much better cook than the burger flipper cook at your local mcdonalds. So that statement logically simplifies to ... nothing.

  13. Re:Hmm... on White House Releases Trusted Internet ID Plan · · Score: 1

    Say that I'm buying some booze online. You don't actually need to know my name, age, appearance, etc, etc. You simply need to know that my age > legal age and that my payment is valid.

    You also need to verify the shipping address is linked to your id, and not some teenagers address. Security; its always harder than it appears.

    There are about eighty zillion other "straw buyer" attack scenarios using valid auth credentials. There are also many orders of magnitude more "straw buyer" attacks that are possible with faked / stolen / impersonated / coerced auth credentials. At least some of those attacks can not be prevented, but can be tracked down afterwards, given "lots of info".

    There is some legal liability unless you gather all the info you can get... Unless you do that, someone could set up "MailBoozeToFifteenYearOlds.com" and intentionally "forget" to store all the information.

  14. Re:Why not ? on White House Releases Trusted Internet ID Plan · · Score: 1

    I have a hard time seeing how such a tech makes bad scenarios more likely.

    Think about a MITM attack implemented serverside on a weak server, proxying thru to a 3rd party strong server. The most secure system that uses a global auth system can only be as secure as the least secure system in the universe because the least secure system can get owned, have a MITM proxy stuck on it that talks to the most secure system.

    In even more detail, spelling it all out ... the "small town journal" newspaper installs global auth so letters to the editor cannot get forged in someone elses name, people can not vote multiple times in online polls, subscription renewal, etc. Since they're a small town journal newspaper, as the name implies, they don't care too much about security ... so ... some hacker could break in and falsely make someone unwittingly vote to select the official town pie flavor to be "sh!t sandwich" for the county fair, who really cares, no one would ever do that, so security on our server doesn't really matter, says the PHB, right? Until the newspaper server gets owned. Whoops. Now every time Aunt Mildred tries to click on a poll to select "apple pie", she logs in ... to something, but its not the newspaper, but the server side proxies a connection to connect to, for example, TBTF-Bank.com. If Aunt Mildred has an account at TBTF-Bank.com, then the proxy server at the smalltown newspaper is now authenticated as if it, were her. So all her balances are wired to some bank account in the Caymans. Ooops. When she calls to complain, there's even Federal Standard Proof that it was her who logged in and authenticated, at least until they notice the reverse DNS of her request came from... and even that can be worked around if you have a cooperative bot net where at least one bot exists in "cablemodem space"

    Because you can't assume there exists no server admin with an intellectual capacity of a sea slug or below, and there is no way theoretically possible to work around the MITM problem, you cannot use the system to auth anything at or above sea slug level. As a general class, this technology will never be used for much other than maybe some .gov sites, or reality show america's choice online contestant voting, etc.

  15. Re:Voluntary? LOL on White House Releases Trusted Internet ID Plan · · Score: 2

    It's going to be "voluntary", but soon enough legislation will be passed that makes it so "questionable websites", such as those associated with porn, will be mandated to require an Internet ID for age verification. And simultaneously the government will know what kind of porn you like to look at and can blackmail you whenever they see fit.

    You would think the nice heroically ethical guys at the ISPs and/or CC companies and/or tracking and marketing companies would have thought of this money making business model a long time ago... The lack of (known) implementations of this business model, indicates something about its likelihood of success.

  16. Re:OpenID ? on White House Releases Trusted Internet ID Plan · · Score: 2

    I just RTFA... and the only question that comes to mind is.... HOW IS THIS ANY DIFFERENT THAN OPENID ?!

    Let me give you a little analogy here, you know how your average high tech redneck installs drupal with a little apt-get install (more or less) but a govt install of a drupal site costs the govt $50M in consultative fees?

    Well, yer average high tech redneck would implement openid with a little "apt-get install libopenid-ruby" and, admittedly, some hours spent running vim, but this here is gonna cost the govt about $50M in consultative fees.

  17. Direct link on White House Releases Trusted Internet ID Plan · · Score: 5, Informative

    Rather than hittin a journalist site, go direct to the source at

    http://www.nist.gov/nstic/

    You can trust this isn't a rickroll or a goatse because I'm usin' my trusted internet ID of VLM

    The headline made me expect a detailed bit level cryptoanalysis of the new protocol complete with flowcharts, etc. Instead it seems to be the tech equivalent of a bunch of hippies high on weed sitting around a campfire and curing all the worlds ills by talking about them.

    More like "whitehouse releases a plan to create a plan for a trusted internet ID plan"

  18. Re:What... on Self-Wiping Hard Drives From Toshiba · · Score: 1

    RAID is not there to protect anyone from data loss

    2) Potentially less downtime on the occasional 1 (or 2 if you're using RAID6) disk failure.
    3) Potentially a higher MTTDL (Mean Time To Data Loss)

    Well, pick one or the other not both sides of the argument. Its a perfectly good strategy to protect against loss. Obviously not a magic bullet but it certainly works.

  19. Re:What... on Self-Wiping Hard Drives From Toshiba · · Score: 1

    He said that he never considered at setup that 2 disk drives might fail at the same time

    Two funniest failures I ever saw, in a gallows humor kind of way, one where the guy had a QUAD REDUNDANT power supply (all on the same power strip of course ) and lightning vaporized all his drives and of course all four supplies. He had backups, and a contract for 4 hour replacement on demand of ALL the drives, but some bean counter decided he didn't really need power supply coverage from the manufacturer. How often do power supplies fail, and after all we coughed up the dough for quad redundant supplies... Multi day downtime. These were external SCSI...

    The other one was the array where the cooling system in the closet failed over the weekend, and the first to die, of course, was the monitoring / paging system. Pagers were nice and quiet... Then all the drives simultaneously overheated and permanently burned out. All of them more or less simultaneously. Supposedly the first tech on the scene reported the hardware was hot enough for 1st degree burns (reddened skin for days) but not hot enough to raise blisters.

  20. Re:Enhanced Harddrive on Self-Wiping Hard Drives From Toshiba · · Score: 2

    This one is way cooler.

    It actually releases acid into the hard-drive platters:

    But is it RoHS compliant?
    My organization is "going green".

    Ever seen copper turn green with corrosion?

    A thermite charge big enough to get over the curie point would work just as well.

  21. Re:More info on Self-Wiping Hard Drives From Toshiba · · Score: 1

    Why not store the key in a small sector of nvram on the control board, that's what the iphone 4 and ipad do with their crypto key.

    No can do. Haven't met a SMD component yet that I can't desolder and I just do electronics as a hobby. Before people complain you can't do that with a $5 rat shack iron, the more money you spend at hakko.com the easier this is to do. I suppose if someone ever builds a nvram or flash in a BGA package or does some crazy bare die thing, it might cost as much as a new car, but I could theoretically do it. Pop that flash chip into an off the shelf reader and shazam you got the AES256 key.

    Then source an identical drive same model. Gain access to the donor. Doesn't matter if the donor key gets wiped. Swap drive control boards (you're gonna need some torx drivers, OK). Plug in the new drive and read the encrypted AES256 data. The key is "lost"... err... wait I guess you copied it out of the flash in the above paragraph... dd if=/dev/sda of=/tmp/powned.img Mount that image file using AES-256 loopback under linux and the key you found on the nvram and you're golden.

    Alternately, cut the I2C or SPI pins on the flash, and put your own special machine inline which bridges everything except "erase" commands. Bonus points if it reads out the AES-256 key as it sails by. Suspect the firmware doesn't care much about timing. If it does, there's ways around that, too.

    If they were wise enough to store the key in the partition table as I strongly suspect, and use off the shelf hardware with special control board and special firmware, if you can source an identical drive hardware assembly with a plain ole non encrypting control board and firmware, then the hack is a couple screws, a couple connectors, and some linux work at most.

  22. Re:What... on Self-Wiping Hard Drives From Toshiba · · Score: 5, Informative

    You had multiple disk corruption due to a common firmware bug on the drives themselves? That seems like its going to be pretty damn rare.

    Happens all the time because most RAID builders buy all their drives in one order from the same vendor. Heck they probably have sequential serial numbers. If there is a bug, they're going to totally lose that array because it'll hit all the drives.

    Let me guess, about a year ago or a bit more, he bought a set of Maxstor 541DX, Fireball 3, or DiamondMax Plus 8, the defect lists slowly started filling up, one drive finally failed outright, then during the restore/rebuild process multiple drives also failed because their defect lists filled up during the restoration, then the drive firmware literally crashed on the next boot leaving you with nothing at all but a set of paperweights that don't even show up in the BIOS list? Mmmm, just guessing?

    Always better off buying RAID drives from different vendors at different times, if you can.

  23. More info on Self-Wiping Hard Drives From Toshiba · · Score: 5, Interesting

    What a ... blog. Yeah. Just go to toshiba.com and read the press release from the source, instead of the cut and pasted partial version at the ... blog:

    http://sdd.toshiba.com/techdocs/MKxx61GSYG_release.pdf

    They claim it uses AES256.. How do you know its not some kind of simple XOR? Probably their exotic "crypto erasure scheme" which they don't discuss is simply deleting the AES256 key. Where would you store the key? How about in the partition table? How long until there's a patch to linux fdisk to read the key, or at least not overwrite it when partitioning, and then how long until someone uses a loopback crypto file system support until linux to read a drive assuming you previously know the AES256 key?

    Also, those drives are small. The last time I bought a 160 GB drive was in the mid 00s. Wouldn't it be hilarious if the low capacity was because everything is stored twice, once "encrypted" for the (l)user and once unencrypted for government special access "only"?

    This is just all speculation on top of speculation, yet it all seems strangely likely.

  24. Re:To be fair, here is link with ads on A5: All Apple, Part Mystery · · Score: 1

    I might side with you if there were any content. The article consisted of some micrographs and a lot of "duh" speculation. I came away with very little new information. It took them a huge block of text to tell me that they don't know what 60% of the chip does.

    60%... dual core ... what an interesting ratio... build 5 cutting edge cores and as long as at least 2 of the cores pass testing, ship it...

  25. Re:Mysql / FKs on Facebook To Be 'Biggest Bank' By 2015 · · Score: 1

    1) I'm referring to the general attitude which MySQL and fans used to have of "who needs foreign keys" back when it didn't have them.

    Mozilla Firefox doesn't support tabbed browsing so I'm going to use MSIE instead. Oh yeah, well yes you are correct that they added tabs in ver 0.3 back in 2002, but I'm still gonna slam FF nine years later just to make the point, so that no one will accidentally use it instead of MSIE.

    2) FKs are only enforced with InnoDB tables, which people who are using MySQL for the speed don't use. Sure, you could use them, but why use MySQL then?

    Use the correct engine for the job for each table.... If you need row locking and FKs for just a couple tables out of many, perhaps the proverbial facebook bank account ledger transaction table, then use innodb for those individual tables. Note that innodb isn't that much slower than the alternatives. You won't post numbers, so I won't either, but frankly unless you're doin' it wrong, innodb simply isn't slow. Using innodb "just because" even if a table inherently doesn't have any FKs and doesn't need any other innodb goodness is probably pointless.