Slashdot Mirror


User: aaarrrgggh

aaarrrgggh's activity in the archive.

Stories: 0
Comments: 4,145

Comments · 4,145

  1. Re:Don't put it on the Internet! on Evaluating Or Testing Utility SCADA Security? · · Score: 1

    Original scenario: Vendor technician connects laptop to second Ethernet port of their equipment's management card when doing quarterly PMs. Now what?

    More common case: Even companies that should know much better (AT&T comes to mind) use Ethernet as the sole connection point to some of their SEL protection relays. It might be on a VLAN, but it is far from an air gap, and there isn't a dedicated workstation to connect a browser to just that VLAN.

    With RS485, it was easy to keep some semblance of an air gap, and while we do use serial data acquisition in some of our designs to bridge an air gap, it doesn't work for everything.

  2. Re:SCADA best for systems with short lifespan. on Evaluating Or Testing Utility SCADA Security? · · Score: 1

    OK. Try doing that 600 lines with ice cube relays instead... and hope nothing changes.

  3. Re:SEL SCADA Solutions on Evaluating Or Testing Utility SCADA Security? · · Score: 1

    Not as good as they think it is, but a little better than nothing. An appliance can't secure the network, but as a gateway to the SEL network it might make sense.

  4. Re:Don't put it on the Internet! on Evaluating Or Testing Utility SCADA Security? · · Score: 1

    That is easier said than done sometimes, and unfortunately it doesn't solve the whole problem. Solid layer-1 through 3 network security is extremely important, and needs to be very thorough.

    But resolving the details isn't easy. How do you prevent a technician serving one piece of equipment on the network from accessing other network-connected equipment? How do you counter factory backdoors?

    And... how do you do all of this without an IT staff dedicated to it?

  5. Re:I kinda agree with him on How Much Math Do We Really Need? · · Score: 1

    Two things:
    1) understanding the concepts behind derivatives and integrals can help people to solve life problems, even if they use a spreadsheet and a graph to do it.

    2) people thinking that math is hard keeps people out of things like engineering for no good reason-- learning to learn math is an important skill.

    If you want to learn why the average Joe needs to learn math, go to a financial planner and look at their miserable analysis of your finances. The Rent vs Buy calculation is a great example. What the average person needs to understand is the sensitivity analysis and how changing variables impact their financial picture. While I couldn't claim to back the math out to solve for inflection points, understanding the TVM math and plugging it into a spreadsheet and looking at some graphs can get you close enough.

    Most people can't even understand exponential growth...

  6. Re:Asians on South Korean Cartoonists Cry Foul Over Edgy Simpsons Intro · · Score: 3, Insightful

    That survey is based on costs for American expatriates. Completely irrelevant for a local cost-of-living comparison.

  7. Re:YES! It's actually insane and insulting... on British Airways Chief Slams US Security Requests · · Score: 1

    Not defending the practice, but international arrivals in the US are treated as non-screened. You clear customs and get re-screened for your onward connection. Many airports abroad work this way for international transfers, but not all. Only in the last couple years has Heathrow gone this way.

    As you say, you have to establish the chain of trust. Secondary and tertiary screening can be effective, especially in high risk areas, but the reward is too low for most locations. Still remember flying out of Vientiane, Laos. Security check was a sign: No Guns. The xray machine was not even plugged in.

  8. Fastest?! on China Makes World's Fastest Supercomputer · · Score: 4, Informative

    Oak Ridge (Jaguar):
    Cores    Rmax(GFlops)  Rpeak(GFlops)  Nmax     Nhalf
    224162   1759000       2331000        5474272  0

    Seems faster by a good margin.

  9. Re:Not just useless, but actually toxic. on LSE Breaks World Record In Trade Speed With Linux · · Score: 1

    While I am against HFT, I do trade options which have significantly less liquidity than your average stock. My scale as an individual investor is that I want to get a trade through within 5 minutes, and would really prefer to have it done in one minute.

    For an investor with much more at stake, it is easy enough to see how a one-second interval could be make-or-break.

    I think the exchanges should be forced to add random delays into each trade in order to create some risk to the HFT folks. 100-500us should be enough for anyone...

  10. Re:Small businesses that need to watch costs? on Asterisk 1.8 Released With Support For Google Voice · · Score: 1

    As a /.'er, I can say that Asterisk was cost effective for us when we got over 6 extensions. I had no real knowledge of Asterisk or creating a dial plan, but we got it together and it has worked reliably for years.

    Compared to paying Digium or one of the other providers the recurring fees, it is marginally cheaper... even with out-sourcing our linux administration. Compared to the proprietary systems that you need to have a telecom vendor re-program, Asterisk seems to pay for itself in less than a year with minimal specialized skills.

    The only time the value proposition starts to disappear is when you want specialized features; the way we would like our night call switch to work would cost too much to implement, as would find-me/follow-me or an outbound dialing directory. 1.8 might be the version we upgrade to though for improvements in some of these things. It's about time to replace the server anyway...

  11. Re:Improved fuel injection? on Mazda Claims 70 mpg For New Engine, No Hybrid Needed · · Score: 1

    The Tier-2 Diesels have a high pressure fuel injection system... something along the lines of 1000 psi. There is a lot that can go wrong with them though.

  12. Re:Tax the rich. (The rich say so.) on How Google Avoided Paying $60 Billion In Taxes · · Score: 1

    The problem area now seems to be in the $200-800k income range. This is especially true if you live in a place with a high cost of living.

    While sales tax is regressive to the middle class, treating a family in San Francisco making $250k the same as a married individual with the same income in Mississippi is off. The San Francisco family would pay an effective tax rate including sales, income, and FICA taxes of about 37%. In Mississippi, the individual would be increasing wealth at a much faster pace, and only paying an effective tax rate of around 28-30%.

    Once you get close to $1MM annual income there are plenty of ways to significantly limit taxes, especially through income property ownership and dividends.

  13. Re:How is Apple's stock price not a bubble? on Apple's Long Road To $300 · · Score: 1

    ...and Google has a PE of 23.5, with less growth and more difficulty finding new sources of revenue. Come next week, Apple's PE will drop down to 20 or so again with their new earnings report.

  14. Re:Big company on Feds Discover 1,000 More Government Data Centers · · Score: 1

    A 500SF room will hold a UPS, CRAC unit, PDU, and 16 racks, if there is no raised floor. If you add in a 12" raised floor, you are down to space for 12 racks. While more than a "couple servers," it is one logical planning block up from a 200SF room, and you will see government organizations justify it for something needing a rack or two of networking equipment plus two racks of servers thinking this is the only time they will ever get money for their pet project.

    What would be more telling is the space breakdown, PUE and total kW demand for the data centers; while they likely doubled the quantity the space likely only grew by 15-20% and the demand by 5-10%.

  15. Re:Big company on Feds Discover 1,000 More Government Data Centers · · Score: 1

    Dealing somewhat with classified networks, I can say that a BOFH wouldn't have any clue what servers a given program might be using. You might have a single subnet provided for the room, but that is all. Security is compartmentalized, which means you get exactly the information you need to do your job and nothing else. Each program controls their internal and external links pretty much, and if they can figure out a way to physically get a new rack in the room, and can hook up a breaker and some SO cord it will be up and running in no time.

    It isn't the right way to do things, but from the security perspective sometimes it is the only practical solution.

  16. Re:I hope they name it CURRY on Indian Military Organization To Develop Its Own OS · · Score: 1

    Further irony is that there is a Haskell (American) Indian Nation...

  17. Re:Oh dear oh dear oh dear on US Monitoring Database Reaches Limit, Quits Tracking Felons and Parolees · · Score: 1

    I had an application where I needed to manipulate a few million records to analyze data in Excel. When you start using pivot tables, auto-filters, and the like, it isn't that hard to get into these absurd numbers.

    For myself, I ended up just using Perl and a few shell scripts to get data into manageable worksets, but to claim a database is the answer to everything ignores many different things that can effectively be analyzed in the more free-form world of spreadsheets.

  18. Modbus isn't that Hard on Real-Time Power Monitoring Options? · · Score: 1

    Plenty of solutions that will work if you are willing to poll serial links for Modbus registers at a reasonable cost.

  19. As an IEEE Member... on Why Are Terrorists Often Engineers? · · Score: 1

    I don't know why the hell I belong. OK, so I got $100 off an order of $600 worth of books yesterday... but why the hell do they hit me with a paywall every time I try and click on an article? Really... what's the point!!

    Do they just want their members to increase their hatred level... and maybe start calling in bomb threats or something?!

    Whew... that felt good.

  20. Re:Really, people, just stop on Will Android Flavors Spoil the Platform? · · Score: 1

    It doesn't change the development economics though. A rapidly evolving, diverse set of products requires more QA and more tweaking than a stable platform with a limited number of devices. Fixing bugs as the platform changes doesn't add much value if the sale has already been made.

  21. Re:Waste on Ryanair's CEO Suggests Eliminating Co-Pilots · · Score: 1

    Autopilot was off.

  22. Re:Some things you'll want to do on Ideas For a Great Control Room? · · Score: 1

    I would recommend having a 100% outside air economizer, distance viewing elements to reduce eye strain, and time-of-day lighting to keep body clock normal-- brightest at noon, can even create a subtle artificial east-west fade with wall washers.

  23. Re:Well I'm 50 on Tech's Dark Secret, It's All About Age · · Score: 3, Insightful

    Ageism isn't a problem for star performers... it is a problem for the "average" people. If you want to do your job for 30 years and never change anything about what it is or what you know... you will be out of luck ...and a job.

    It is true in nearly every position, possibly with the exception of some forms of sales or medicine.

  24. Re:I think Oracle is right on The Case For Oracle · · Score: 1

    Can a language be owned? Of course an implementation of it can, as can a broader platform, but isn't Google just using the language syntax? They aren't calling it Java, nor are they using any of Sun's tools, nor do they claim you can run Java byte code.

    All that is left is true innovation in the Java platform that could be patented that Dalvik infringes on as a platform...

  25. Re:It should be: 4+3+2=x+2 (Solve for x) on US Students Struggle With Understanding of the 'Equal' Sign · · Score: 5, Insightful

    The equation noted lacked the precision of mathematics, and is therefore inappropriate without an instruction to the effect of "Solve for the number in () that makes this a true statement."

    I'm just an engineer and all, but I had to look at it twice to understand what they were looking for.