Your coal plants put more radioactive waste into the atmosphere every day than a nuclear plant
Well Mr English Teacher or whatever you are, instead of correcting our spelling I challenge you to calculate how many hundreds of thousands of tons of the most radioactive coal on the planet you would have to stand beside to be exposed to one "banana dose" of radiation.
Oh that's right, I remember this, the perfect nuclear plant on paper puts out nothing so it's a divide by zero error! ORNL bullshit propaganda from a guy that was better known for his joke books aside, there are also still plenty of engineering problems with reactors, especially ones with liquid metal as coolant or fuel. They are probably solvable within a few years but handwaving them away as not existing is counterproductive.
I did too but now I just think they are too large, and about due to be retired. Even at the size they are it's saving a bucketload in capital costs in building new coal fired or other large units, and most of the capital costs of the solar are paid for by the people who put them on their roofs. It's shaved a vast amount off the daytime peak and that's when everyone's at work operating electricity hungry machinery, office lighting etc. Having a lower maximum requirement on the grid means not having to increase carrying capacity at substations and not increase generating capacity - in fact a couple of 350MW units near me have been mothballed for over a year since so much has been shaved off the peak.
Anyone want to clarify what the problem with thorium is?
Existing stakeholders have put a lot into Uranium and were willing to lobby the Clinton era government to get a Thorium research reactor shut down and hound the head of that project out of the nuclear industry. He dared to suggest that a Thorium reactor would be safer which implied that existing reactors were not safe enough. While that was years ago it seems to be the end of the matter as far as the USA goes.
India was starting mostly from a clean slate and Uranium exports to them were blocked for decades (while they were not blocked to Iraq in the 1980s - funny really), so they had some incentive to use Thorium (plus that's how they got material for their bomb in an unexpected way). Now a lot of places are trying to sell them cheap Uranium so it's uncertain whether they will continue to develop new Thorium based designs, some that look like they can also take expended Uranium fuel rods and use them without any need for reprocessing. China seems to be ready to try anything they can get.
Yes but it's been parroted by thousands of fans of 1970s dinosaur nukes who took it out of context for decades. It's not the people with a clue with practical suggestions we have trouble with. It's the people that believe it's "clean!!!!" magical cheap and safe stuff that you don't have to watch like a hawk and clean up afterwards that are the problem. It's that sort of counterproductive shit that resulted in things like the Synrok nuclear waste management system not being able to get funding for a couple of decades while we we creating problems for the future by just shoving high grade waste in stainless steel drums. Remember that a lot of the trouble at Fukishima was due to waste still on site instead of it being properly dealt with.
It's not CLEAN unless we deal with it properly and it's only SAFE because it's treated with the respect that the fanboys think is excessive. We don't want cheerleaders running this stuff (see TEPCO and other places with coverups for examples) - scientists and engineers who know how dangerous the stuff is and deal with the danger are how it should be done.
No you understand fine - it is a "whoosh" event. Sexconker above put it far better than I could:
It's like running a lumber yard and instead of putting fire alarms, smoke detectors, etc. in all of your buildings and monitoring them, you have a big unprotected building full of sawdust and small bits of wood next to your other buildings. Then you put a fire alarm on it so you know when there's a fire. It's fucking retarded.
You don't provide revenue either but instead contribute to the product that eventually gets sold. Others also contribute. You are a "support" person to the salesfolk if I apply the same reasoning you are applying to IT. BTW, I am also a professional engineer but I mostly run computer systems for others these days and assist with the development projects for others. "IT" is not as cut and dried as you like to pretend. Many people would call your job of hardware and software development "IT" and be confused that you seem to be lumping yourself in with janitors.
Well at least you've managed to get a sense of superiority out of replying to these comments even though you do not seem to have grasped the context of the discussion. Calling an IT person a janitor as an insult shows a lack of respect for both and is as stupid as calling a marketing person a hooker or a finance person a thief.
It is well known and established security fact that the vast majority of threats to a network come from within
And this is a very stupid way to attempt to deal with the situation. Fabricating ready made crimes to catch the weak willed, deals with low hanging fruit, gives you a false sense of security and can lead to punishment of people who you normally wouldn't have to worry about.
I see now - fully trusted hosts, potential malware ridden with no way to keep it off other than hoping the antivirus updates arrive before the malware, and a closed system where you have to guess at the legitimate traffic to boot. I can see now why you grasp at straws such as honeypots and hope the malware is so badly written that they randomly get attacked before your real systems instead of the malware taking a look at what the machine it is on has connected to in the past. After they do get attacked what do you do to stop an attacker using the honeypot as a potential vector to do other stuff? Even if they can't get out they can work out you are watching them and feed you disinformation.
Any traffic to the honeypot is worth investigation.
True but decent monitoring should turn up attempted traffic to addresses that do not exist in the same situation. Decent monitoring is hard to bolt on after the fact but a rock solid playpen for crackers, with decent monitoring of that, is probably not going to be easy to do either. It's one thing having a research honeypot outside of your external firewall, but with one inside your LAN with the welcome mat out what do you do when a cracker gets more control than you expect?
Do you have any idea how much traffic a corporate mail server can get?
If your network is too large to comprehend then apply an engineering solution instead of a basket weaving solution and handle things in managable chunks. Since IT folk like to pretend they are engineers (which was to my benefit when I changed careers from engineering a couple of decades back) why not act like them? Suspicious stuff coming in or out of segments is one way of tracking, does that really compare with hoping something randomly hits your honeypot? Oh that's right - if you are not tracking what is coming in and out of managable segments then hope is all you've got. Carry on then. Let's hope they don't use your fragile honeypot as a springboard to something else before you find out they are there.
The REAL storage server is used by thousands of people, so it gets many, many requests per minute. Sorting out legitimate use of the storage vs something suspicious would be nearly impossible.
Take a look at how people handle security on very large compute clusters. It is not "nearly impossible". If you are not on the list you don't get in. If you try to get in you get logged. If it's too large to monitor you cut it into chunks that are not too large to monitor.
Australians are generally lazy but get a reputation for being hard workers overseas due to the way we deal with it. The idea is to get into the work as quickly as possibly so we can get it done and bugger off home early:)
One of the bigger cultural differences I've found working in both the U.S. and Scandinavia is that American meetings are long, unpredictably scheduled, and really disorganized
One quite pathetic situation/problem in large organisations is that people can be seen to be more effective the more "face time" you have with them. Thus some long meetings exist for the sole purpose of spending time with the people with the power to promote. Apparently it then snowballs into the "company culture". Since I'm now in a small enough place that everyone has no choice other than spending time with everyone else I can avoid that stupidity but I still see it on occasion when the company I work for takes jobs from some large multi-nationals - I get to see a little window into full-on Dilbert territory. Things like meetings where eight people from the other company turn up but only two speak, who get left floundering with no backup when out of their depth despite all the others there.
Once again - network monitoring. If something starts sniffing around your machines that only get specific traffic from specific hosts on specific ports that rings alarm bells better than letting some fragile thing get owned and be used for who knows what before you can respond.
It was a rubbish analogy that deserved to be mocked with an added insulting accusation of being a criminal. They ARE leaving something out in "public" when the public are the employees of the company - leaving the money out in the hallway and punching whoever picks it up.
It's no different from entering a house through an unlocked window
Clearly not because the people you are trying to catch are already "in the house" but you just happen to have put something shiny in their sight in the house with a sign "don't touch" on it. Ready made crime. Just add criminal. Whether the potential criminal would exploit other, more difficult, opportunities and become an actual criminal is unknown, so it's largely pointless and better to go after something real instead of wasting time unless your goal is to impress others by setting people up for crimes and getting an impressive "arrest record".
Yes - bait on an internal network to catch people who see the "shiny" and act. The question to ask before deploying such things is to ask yourself (or you boss) what your job actually is. Is it to catch a number of people and meet some sort of "arrest quota" or is it to actually protect things? If it's the former then putting up fragile things to attract the attention of the weak willed may be a go, but if it's the latter you may well just be wasting time while the serious threats are getting into your serious systems. They could be getting in while you are distracted playing this game.
IMHO you are better off having better monitoring on the serious systems on a properly segmented network and watching that instead of scattering toys about and looking to see who they distract.
Honeypots are a cool research tool for seeing what people out on the net are trying to do, but as a security measure on internal networks? Sounds more like buzzword overload than anything useful in that situation unless you want some heads on pikes of the entrapped to scare people.
If I'd pulled this shit and enforced some sort of penalty I'd probably be down three or four decent developers because they decided to take a bit of a look around the local network when they first started. Those are just the ones that did really obvious portscans from their own desktop computers so there may have been more.
Well Mr English Teacher or whatever you are, instead of correcting our spelling I challenge you to calculate how many hundreds of thousands of tons of the most radioactive coal on the planet you would have to stand beside to be exposed to one "banana dose" of radiation.
Oh that's right, I remember this, the perfect nuclear plant on paper puts out nothing so it's a divide by zero error!
ORNL bullshit propaganda from a guy that was better known for his joke books aside, there are also still plenty of engineering problems with reactors, especially ones with liquid metal as coolant or fuel. They are probably solvable within a few years but handwaving them away as not existing is counterproductive.
Apparently the site is too wet and a few miles west in California would be much better.
I did too but now I just think they are too large, and about due to be retired. Even at the size they are it's saving a bucketload in capital costs in building new coal fired or other large units, and most of the capital costs of the solar are paid for by the people who put them on their roofs. It's shaved a vast amount off the daytime peak and that's when everyone's at work operating electricity hungry machinery, office lighting etc. Having a lower maximum requirement on the grid means not having to increase carrying capacity at substations and not increase generating capacity - in fact a couple of 350MW units near me have been mothballed for over a year since so much has been shaved off the peak.
Existing stakeholders have put a lot into Uranium and were willing to lobby the Clinton era government to get a Thorium research reactor shut down and hound the head of that project out of the nuclear industry. He dared to suggest that a Thorium reactor would be safer which implied that existing reactors were not safe enough. While that was years ago it seems to be the end of the matter as far as the USA goes.
India was starting mostly from a clean slate and Uranium exports to them were blocked for decades (while they were not blocked to Iraq in the 1980s - funny really), so they had some incentive to use Thorium (plus that's how they got material for their bomb in an unexpected way). Now a lot of places are trying to sell them cheap Uranium so it's uncertain whether they will continue to develop new Thorium based designs, some that look like they can also take expended Uranium fuel rods and use them without any need for reprocessing.
China seems to be ready to try anything they can get.
Yes but it's been parroted by thousands of fans of 1970s dinosaur nukes who took it out of context for decades. It's not the people with a clue with practical suggestions we have trouble with. It's the people that believe it's "clean!!!!" magical cheap and safe stuff that you don't have to watch like a hawk and clean up afterwards that are the problem. It's that sort of counterproductive shit that resulted in things like the Synrok nuclear waste management system not being able to get funding for a couple of decades while we we creating problems for the future by just shoving high grade waste in stainless steel drums.
Remember that a lot of the trouble at Fukishima was due to waste still on site instead of it being properly dealt with.
It's not CLEAN unless we deal with it properly and it's only SAFE because it's treated with the respect that the fanboys think is excessive. We don't want cheerleaders running this stuff (see TEPCO and other places with coverups for examples) - scientists and engineers who know how dangerous the stuff is and deal with the danger are how it should be done.
I understand all right. The analogy is to help others like yourself understand why decent monitoring is better than ad-hoc monitoring.
Sexconker above put it far better than I could:
I can only assume that somebody at Microsoft said - "we'll make it like an iMac AND an iPhone at the same time!".
We'll find out next leap year when they all go down again :)
It's a joke - I don't really expect a third major leapyear fuckup from Microsoft, twice should have been enough of a wakeup call.
Well that appears to be one workplace that sucks.
You don't provide revenue either but instead contribute to the product that eventually gets sold. Others also contribute. You are a "support" person to the salesfolk if I apply the same reasoning you are applying to IT.
BTW, I am also a professional engineer but I mostly run computer systems for others these days and assist with the development projects for others. "IT" is not as cut and dried as you like to pretend. Many people would call your job of hardware and software development "IT" and be confused that you seem to be lumping yourself in with janitors.
Well at least you've managed to get a sense of superiority out of replying to these comments even though you do not seem to have grasped the context of the discussion.
Calling an IT person a janitor as an insult shows a lack of respect for both and is as stupid as calling a marketing person a hooker or a finance person a thief.
Seems frequent enough. I've had to populate desktops with icons for people who seem scared of the "start" menu.
That's an analogy that works far better.
You've got me. While a honeypot doesn't seem that useful versus an active cracker my arguments fall down against dumb malware and script kiddies.
And this is a very stupid way to attempt to deal with the situation. Fabricating ready made crimes to catch the weak willed, deals with low hanging fruit, gives you a false sense of security and can lead to punishment of people who you normally wouldn't have to worry about.
I see now - fully trusted hosts, potential malware ridden with no way to keep it off other than hoping the antivirus updates arrive before the malware, and a closed system where you have to guess at the legitimate traffic to boot. I can see now why you grasp at straws such as honeypots and hope the malware is so badly written that they randomly get attacked before your real systems instead of the malware taking a look at what the machine it is on has connected to in the past.
After they do get attacked what do you do to stop an attacker using the honeypot as a potential vector to do other stuff? Even if they can't get out they can work out you are watching them and feed you disinformation.
True but decent monitoring should turn up attempted traffic to addresses that do not exist in the same situation. Decent monitoring is hard to bolt on after the fact but a rock solid playpen for crackers, with decent monitoring of that, is probably not going to be easy to do either. It's one thing having a research honeypot outside of your external firewall, but with one inside your LAN with the welcome mat out what do you do when a cracker gets more control than you expect?
If your network is too large to comprehend then apply an engineering solution instead of a basket weaving solution and handle things in managable chunks. Since IT folk like to pretend they are engineers (which was to my benefit when I changed careers from engineering a couple of decades back) why not act like them? Suspicious stuff coming in or out of segments is one way of tracking, does that really compare with hoping something randomly hits your honeypot? Oh that's right - if you are not tracking what is coming in and out of managable segments then hope is all you've got. Carry on then. Let's hope they don't use your fragile honeypot as a springboard to something else before you find out they are there.
Take a look at how people handle security on very large compute clusters. It is not "nearly impossible". If you are not on the list you don't get in. If you try to get in you get logged. If it's too large to monitor you cut it into chunks that are not too large to monitor.
Australians are generally lazy but get a reputation for being hard workers overseas due to the way we deal with it. The idea is to get into the work as quickly as possibly so we can get it done and bugger off home early :)
One quite pathetic situation/problem in large organisations is that people can be seen to be more effective the more "face time" you have with them. Thus some long meetings exist for the sole purpose of spending time with the people with the power to promote. Apparently it then snowballs into the "company culture".
Since I'm now in a small enough place that everyone has no choice other than spending time with everyone else I can avoid that stupidity but I still see it on occasion when the company I work for takes jobs from some large multi-nationals - I get to see a little window into full-on Dilbert territory. Things like meetings where eight people from the other company turn up but only two speak, who get left floundering with no backup when out of their depth despite all the others there.
Once again - network monitoring. If something starts sniffing around your machines that only get specific traffic from specific hosts on specific ports that rings alarm bells better than letting some fragile thing get owned and be used for who knows what before you can respond.
They ARE leaving something out in "public" when the public are the employees of the company - leaving the money out in the hallway and punching whoever picks it up.
Clearly not because the people you are trying to catch are already "in the house" but you just happen to have put something shiny in their sight in the house with a sign "don't touch" on it. Ready made crime. Just add criminal. Whether the potential criminal would exploit other, more difficult, opportunities and become an actual criminal is unknown, so it's largely pointless and better to go after something real instead of wasting time unless your goal is to impress others by setting people up for crimes and getting an impressive "arrest record".
So why a honeypot and not traffic monitoring?
Yes - bait on an internal network to catch people who see the "shiny" and act.
The question to ask before deploying such things is to ask yourself (or you boss) what your job actually is. Is it to catch a number of people and meet some sort of "arrest quota" or is it to actually protect things? If it's the former then putting up fragile things to attract the attention of the weak willed may be a go, but if it's the latter you may well just be wasting time while the serious threats are getting into your serious systems. They could be getting in while you are distracted playing this game.
IMHO you are better off having better monitoring on the serious systems on a properly segmented network and watching that instead of scattering toys about and looking to see who they distract.
Honeypots are a cool research tool for seeing what people out on the net are trying to do, but as a security measure on internal networks? Sounds more like buzzword overload than anything useful in that situation unless you want some heads on pikes of the entrapped to scare people.
If I'd pulled this shit and enforced some sort of penalty I'd probably be down three or four decent developers because they decided to take a bit of a look around the local network when they first started. Those are just the ones that did really obvious portscans from their own desktop computers so there may have been more.
Oh do at least try to grow up.