It's Easy To Hack Traffic Lights
I agree with you. I am a Controls Engineer. Until recently, my controls security was decades behind. Fortunately, Stuxnet happened, our CEO noticed the news stories and started asking questions and took an interest. A small group of controls engineers and an IT person who also did the controls network at the small plants he supports made a team, did research, made recommendations and were given money to start securing our network properly.
We need to start realizing security through obscurity is no security at all and make the changes starting with the vendors all the way through the end users.
A huge problem I have experienced is actually a lack of understanding of security and networking on the part of controls engineers, and a lack of understanding of controls systems by IT staff. I think this is actually one of the biggest problems that creates the security problems. Every place I have worked at or in (did a stint as a contract CE and went many places) there is a stand off between controls and IT. Controls knows what we need to do to make our system work and IT tries to tell us how we have to do things and they don't realize that it is not the same as a business network because it will shut the plant down to do some things they would like us to. CEs don't understand enough to secure the networks themselves so we do the best we can and keep IT away from our stuff and muddle through.
We need education on both sides so controls people know what they need to do and IT people who understand the differences between business networks and controls networks. Unfortunately, of all the IT professionals I have worked with, only 2 have understood the controls world enough (or been willing to even listen) to help so we just shut them out. I would much rather work with IT and not have to learn all of this security stuff myself when we have IT professionals who know the security. Granted, they probably don't want to learn about my world the same way I would rather not have to learn theirs, so we are right back at the stand off.
Ask Slashdot: In What Other Occupations Are IT Skills and Background Useful?
I am a Controls Department Manager. Controls Engineering is that discipline that programs the Programmable Logic Controllers (PLCs) and Distributed Controls Systems (DCS) that talk to all of the instrumentation in an industrial plant.
Our Operator Interfaces are typically Windows boxes, or vendor specific OS and are tied to a LAN so they can talk to the controls systems. In addition, we are starting to get more and more I/O that is Ethernet I/O (plug in an e-net cable and talk to it that way).
Add to the fact that IT departments at many companies don't get the difference between a business network environment and controls environment and many controls engineers have to learn enough IT to maintain their own network and hardware. At the 3 companies I have worked at in the past 14 years, at each company I found few IT personnel who understood what I do enough to help and many more that wanted to do things on my network that would simply just shut down the production lines so I just learn to do it myself with help of those few that understand the production needs.
Organic Cat Litter May Have Caused Nuclear Waste Accident
I was going to say pretty much the same thing. This article isn't really a slam on environmental, or an attack of nuclear, this appears to me to be EXACTLY what you wrote. Purchasing decided to make a change to what was being purchased and didn't understand the reason why something was spec'd as such.
I get regular calls from purchasing because they found something cheaper that they think will work perfectly well as a replacement for part X. Every time we go through the exercise, we find 1 of 3 things:
1) The item they found is cheaper for a reason. Purchasing missed that part of the spec calls for something for a reason they have no clue what it even means so they do not realize the cheaper thing does not meet the spec.
2) They didn't even bother to look at the spec, just figured it would work the same.
3) They don't realize that changing to have 1 or 2 of these of a different brand, while it will save a few thousand dollars, will deviate from plant standard and will end up costing us 10x+ the savings of the purchase because we do not have spare parts or training on how to fix this one.
Kids Can Swipe a Screen But Can't Use LEGOs
I hear your first comment ALL of the time and even seen it published in a newspaper....not so much about the mindstorm.
Every time someone says this, I always want to say, you obviously don't have kids do you? I have 4 ages 10-13 and they get all the sets with all of the specialized pieces. Aside from my one son's Darth Vader Tie fighter set that stayed together for about 3 years before getting broken down, every other set they have with all of the crazy fancy specialized pieces are broken down in several bins or in their current work of Lego.
Specialized pieces did not destroy kids' imaginations or hamper their ability to build in the slightest. They work just as well getting put into something else that has nothing else to do with what they were designed for. My daughter has a whole made up factory with employees, break room, work area, specialized pieces from 3 or 4 different types of Lego sets all over the place, none of the sets were originally a factory or Lego town set. That factory has grown and changed several ways and lasted for a year.
Emails Reveal Battle Over Employee Poaching Between Google and Facebook
I just don't know what to say about this comment. The awesomeness of it is unbelievable. You just blew my mind!
$30K Worth of Multimeters Must Be Destroyed Because They're Yellow
I agree they look like a Fluke. I saw the picture and thought it was a Fluke until I looked closer.
One of the commentators on the story brought up the fact that this meter looks enough like a Fluke, but is not rated for the same power as a Fluke. I know I grab my Fluke, I am good up to a voltage way above the 120 or 220 I might use it on. That thing would probably burst into flames if used. So if that ends up on a workbench next to a good Fluke, gets used, blows up, then Fluke is blamed. I guess I can see why they would want to protect their image here.
The story statement of the yellow color being trademarked though makes me think of the apple rounded corners things, which I don't agree with. Not sure where to fall on this...so conflicted!!!
Why Your Phone Gets OTA Updates But Your Car Doesn't
1) Wait until USB updates for cars are the norm
2) Send USBs that infect the cars with viruses and then they will crash at predetermined time
3) Send blackmail notices that arrive when a certain number of cars throw themselves off the highway at high speed actives
1) Wait until USB updates for cars are the norm
2) Put USB sticks in mail to rich people whose cars you want to boost
3) Wait until they plug it in and have the car unlock itself and then start up at a time you want to boost it, like when they are at the office and you are waiting outside
Or just go tin foil hat and realize that terrorists can follow this and program all cars when they get over 70 miles an hour to accelerate and then cut the wheel all the way to cause mass destruction. How many people would see it and plug it in not realizing they just infected their car OS with a killer bug?
Cars need to not be hackable and the more we connect them, the more hackable they become. USB isn't as bad as connecting them, but it is trusting that granny or Joe blow will know, "This USB looks like a fake" and not plug it in. We can't convince them not to open email attachments from people they don't know, how will we stop this?
Students Hack School-Issued iPads Within One Week
If I had mod points, you would get them all! The first and most effective step to improving our education system would be to get rid of the public sector unions. Public sector unions are to the education system what lobbyists are to the government. Public Sector Unions should be illegal and done away with.
Make Public Sector Unions illegal and then you can start reforming education in ways that will actually work.
How Deadbeat Facebook Friends and Using ALL-CAPS Can Lower Your Credit Score
Look at your list of Facebook friends if you use it. How many of them have anything to do with your credit worthiness or do you have any idea about their financial lives?
Do you have any high school friends on there? A friend you knew when you were 14 who was cool then but has since become a dead beat? You both share a hobby that you shared at 14 so still talk about that a lot and you should be dinged for his bad decisions?
You have a couple of brothers/cousins/family members who have made horrible financial decisions and declared bankruptcy a couple of times. You have done everything right and are responsible financially and so you are penalized for that?
You join a quilting club with a FB page and meet a bunch of people and several of them that are active quilters are doing so while foreclosing on their homes and so you deny me a loan?
If the company has no financial information to go off, maybe I can see this being valid, but still a stretch. If you read the article, this company operates in the Philippines, Mexico and I forget the last country. Places where they have very little information to go off so they use what they can. Judged by the company you keep on FB is ludicrous.
Dispatch From the Future: Uber To Purchase 2,500 Driverless Cars From Google
A quick search reveals this:
And their math says 165,000 miles per accident for a person.
This one below says 5.7 crashes per million miles driven for women and 5.1 crashes per million miles. That gives you 175K for women and 196,078 for men. A bit off from the first, but not too far off.
There are a few other links. So while you say 300,000 miles without a single at fault incident is not that good, it is almost twice what people do from the articles I can find.
While having any accidents will trigger panic and people screaming how terrible this is and how it should be banned, if people examine the data it says that at the present 300K we would reduce accidents by nearly 30%-50%. If it goes to 600K without an incident, we just reduced accidents and deaths to 25-30% of what they were.
US Gov't To Issue Secure Online IDs
I could not help but think....
Three Master Keys for the Agencies under the Executive
Seven for the Security Council in the Congress Hall
Nine for the Justice supporting no warrants
One for the President on his Dark Throne
In the Land of States where Freedom dies
One Key to Rule them all, One Key to silence them
One Key to subject them all and in subjugation bind them
In the Land of States where Freedom dies
San Francisco Fire Chief Bans Helmet-Mounted Cameras For Firefighters
I will preface this by saying, I am a volunteer fire fighter. Been in the middle of things fighting fires, responding to medical emergencies and training. Sometimes caught on camera, sometimes not.
Should firefighters be rescuing people and fighting fires or d*cking around with their GoPro to get cool Youtube videos?
You haven't watched many fire fighter videos have you? It is extremely rare that the person recording is at all concerned about what they are recording. They are normally just doing their job and catching what gets caught. If they are taking time to get cool shots, it means it is training or the scene is 100% secure and controlled. In an active fire fighting situation or when you have someone on the group they are trying to save their life, it is not normal that any fire chief will turn all hollywood camera man. They catch the video and then share it with other fire fighters in training activities and point out what went well and what went horribly wrong. I have sat through many hours of watching helmet cam video of situations. Almost every single video is 15+ minutes long with 60%+ of the video useless because the camera is pointed at the ground or at something not the fire and the view bounces all over the place because the person is doing their job, not trying to get the good shot. Firefighters are trained to do their jobs not take video. You get in an emergency and your training kicks in and you do what you are trained to do and pay attention to the emergency.
As medical responders, what about HIPAA? Does a person have the right to call for help secure in the knowledge that the rescuer won't be spreading helmet-cam footage of their nude mangled body across the Internet or news?
Fire fighters' videos are rarely spread out for public to see without department scrutiny first. If you see something like this, it is more than likely the news media. Also, in a purely medical situation, they usually don't wear helmet cams.
I wonder if "...respond to 1234 Main Apartment 3 for a 34 year old female suicide attempt via overdose..." is broadcasting just a bit too much personal medical info.
No, it is not. Would you rather they do not give a location and the paramedics play a guessing game? I will just drive around until someone flags me down. Or how about, when I arrive, I guess what the problem is and if I guess wrong, have to run back out to the ambulance because I brought the wrong equipment. Maybe I can leave out the age and sex of the person down...guess not because both have a bearing on how you treat the situation. Maybe we do it all via cell phone or wireless ethernet to their laptop? Yeah, not sure much, neither are reliable enough. They broadcast what they need to in order to best handle the situation. They are trained on what to say and how to say it. Communication is one of the most important things in emergency situation. They know what they need to do.
Hackers Reveal Nasty New Car Attacks
There is a side you may be missing with instrumentation and controls systems. I don't work on automotive, but I work on industrial controls systems and converting a system from pneumatic (like an old braking system) to electronic (new braking system) in my world dramatically increases equipment reliability. While you do have the extra failure mode of the car's computer, the components of the new system are orders of magnitude more reliable than the components of the old system. My industrial controls electrical systems' mean time between failure when running 24/7/35 is 31+ years. The pneumatic style are maybe 5-10 years mean time between failure. Not sure exactly how this translates to automotive, but in my experience the fly by wire is more reliable. An additional failure mode, but overall more reliable.
I am not sure if the car manufacturers deal with failure modes the way I do at my plant, things are programmed and designed for fail safe mode. An example would be a stop push button for a piece of equipment. Pushing the button breaks the electrical connection, dropping out the equipment. The button failing, or the wires to the button getting cut, input point on the controls system breaks, etc. takes the exact same action as if you pressed the button. Button no work, equipment no run.
Planes have been fly by wire for years and were changed due to increased controls systems reliability. You wrote, "increases the number of failure modes as well as the probability of failure" and while the first half is correct about the increase in failure modes, I highly doubt the increased probability of failure.
New Study Fails To Show That Violent Video Games Diminish Prosocial Behavior
I haven't been playing as many violent video games lately and have moved to playing casual things like tower defense. Mainly for time constraint reasons, not that I was worried about violence. I have noticed no changes to my behavior since switching from violent games to tower defense type games whatsoever. I wasn't violent before when I played FPS and others or become more passive because I stopped. As a matter of fact....
Sorry, can't comment more. I have to go. My co-workers have been trying to get into my office and just broke down the first barricade I built to keep him out. Need to go repair it and build a catapult that will launch office supplies at anyone getting near my barricades.
The Search Engine More Dangerous Than Google
I was going to make your point #1 and agree with your #2 and #3.
Your last paragraph though is a HUGE problem. If you lose that piece of paper because it was separated from the packaging, or got wet while sitting in the warehouse and maintenance pulls it off the shelf to install it and it is useless, then the manufacturer gets a huge earful because the facility was down because they were stupid enough to write the unique password on a slip of paper that was tossed with the packaging.
In the world of instrumentation, as your first point said, the defaults are well known and if you want to find them out, all you have to do is google the name of the device + manual.
Is It Time To Enforce a Gamers' Bill of Rights?
But....but....it is a Bill of Rights! How could you possibly say what you are saying, this is a Bill of Rights! We have the right to have companies provide us with video games on our terms that we agree to! That is a God given right and we all need to stand up for our rights as individuals.
The above was sarcasm. I point this out for the sarcasm impaired.
What we really need to do, which is part of what you said, is stop cheapening the right we actually have by using Bill of Rights as a buzz word and make everyone think they are entitled to this because it is a right! If we need new consumer protection laws, fight for them. If we have unenforced consumer protection laws, then fight for them to be enforced.
Thousands of SCADA Devices Discovered On the Open Internet
I am a Controls Engineer and have worked at several companies and you are right on part of the problem.
There is more to it though. At many places, there is fighting between IT and Controls because IT thinks they know everything about how every computer should work and every network. They come in and try and make changes to fit their standards without realizing they just shut down production.
I have had some IT people that I fought with all the time, some who have ignored me and let me do my thing and a few who have listened and helped me secure my network better. This is the exception to the rule though and way too many IT people won't listen to the requirements the Controls people have so we end up fighting and trying to stay away when we could work together and build a separate secure controls network.
Attitudes are starting to change though and DHS and vendors are starting to educate Controls and IT both whenever they will listen so they can secure their networks. Current place I work, the CEO and IT Steering committee both saw the light and while we have done a good job securing our networks, they have agreed to allow us to build the security standards and protocols set out by DHS and vendors.
Vendors also have never built their equipment with security in mind and are starting to make some changes there, but they are not there yet.
LG Introduces Monitor With 21:9 Aspect Ratio
I didn't know about the windows key + arrows for the docking positions for documents. I just always docked things manually to one side or the other. With 2 monitors, I could not dock to the middle positions.
Thanks for the post with that info. Cool new trick!
LG Introduces Monitor With 21:9 Aspect Ratio
4:3 is getting harder to get in anything larger than the 19". I am a Controls Engineer and our visualization software that we use does not convert well to different ratios so if we were to change from a 4:3 ratio, we would have to do some redraws on every screen, or just stretch it on the screen so the text appears too wide.
We have been going up in monitor size and 2 years ago, we could get 4:3 in things larger than 19" and standardized on buying 21" and were going to standardize on 23". Suddenly, I can't get 4:3 in larger than 19" from Dell.
While 19" and lower are still around in 4:3, that is actually a reversal from 2 years ago, so it does make me worry that 4:3 might just disappear in favor of wide screen and I have to tell them to live with wide text or do the redraw. Checking Newegg, if you did a plot of the number of 4:3 they have, the curve goes up to 19" and then drops off very quickly to only 10 models out of 120 4:3 that they sell being larger than 19". If you look at widescreen, the curve tops out at 23" and then tails off but there are 350+ models and there are more models larger than 23" wide screen than the total number of 4:3 ratio models listed.
Not sure if the 4:3 will disappear or just be a small market with smaller screens, but it does appear that they are going away from 4:3 in general and definitely dropping many above 19".
How To Watch Internet TV Across International Borders
I saw that too!! It was amazing! Did you keep watching and see that the wheel can also be clicked on as well!!!
I hear next week they are going to talk about this thing with letters on it. I hope they cover the ESC key and where the ANY key is. So many things ask me to hit the ANY key and I end up having to hit the computer power button because I can't find it.