Junk e-mail address
Well, I'm proud of it. But not enough to give it its own address.
It's got better things to do than correspond with strangers. Like do all of my thinking.
662 posts • joined 16 Mar 2008
... would like to know if one of these is similarly effective in extracting people from in front of television sets.
... we can no longer say "as rare as hen's teeth".
"potential for blackmail"
The only potential for blackmail here is the risk of being fired for something his employers object to. So I'd say that management with overly strict moral standards are what create a potential for blackmail. Remove them and the problem is solved.
I'm sorry Dave ....
"Is this lock at least as usable as a physical lock if the power (or data connection?) goes?"
As I understand it, this lock replaces the inside lock knob. You still have a key hole available on the outside (for backup). On the inside, this lock can be actuated by physically turning the lock/unlock ring or remotely with a Bluetooth app. So it is exactly as secure or insecure as the pin and tumbler cylinder that you select for the outside.
Security is still a question seeing as how some automobile RFID locks are somewhat less than secure.
Why hasn't the vendor been identified? And possibly the product involved.
I can understand DMCA applying to the necessary reverse engineering and release of proprietary information. That should (rightly) be kept between IOActive and the anonymous vendor until such time it can be established that no fix is forthcoming and the public good can only be served by a release. But I'd like to know (as a potential buyer), if a potential purchase might be defective. And whether I should wait or select an alternative.
The alternative is that I put a hold on all SCADA equipment purchases until such time as the issues become known. And result in harming some completely innocent vendor.
"it is not clear that functions like output regulation, protection and monitoring need to become disabled if the GCU software should crash owing to the overflow of a finite counter."
All of these functions are implemented using digital signal processing techniques. Sampling, filtering and other functions with any kind of time variable will depend on the system clock, timers and event queues. If the clock becomes untrusted, continued operation of the generator can result in a hazardous condition. So a watchdog circuit trips the generator field off, preventing it from producing power and disconnects it from the system. The system design assumes a fault on a single generator channel. So another generator could be switched over to pick up the load. But since this failure mode can affect all channels nearly simultaneously, there is no source left to fall back on.
It contains the voltage regulator, generator field and generator main breaker control plus a lot of protection and monitoring functions.
As with practically all modern digital control systems, anything requiring a time delay, interval, scheduling future events, etc. uses a system clock to determine when the next task is to be run. At first glance, this would appear to be a simple implementation. Schedule event at Time = Now + Interval. But there's that nasty limitation of all microprocessors in that time is stored in a register or memory location with a finite upper bound. So when the timer reaches that, it rolls over to zero again (much like a mechanical odometer). So all timing functions must be written to handle this discontinuity in their logic.
What shocks me about the 787 power system controls (sorry about that), is that the real time controls and event scheduling routines appear not to be based on some stable and tested software libraries. Where such goofs have been caught and fixed early in their development. These are the sorts of goofs that any competent embedded s/w designer should be aware of. But better yet, this level of code is something that an application developer should never have to write from scratch.
This reminds me of an anecdote from my days at Boeing*. I was reviewing the credentials of several candidates for a job which involved the maintenance of a large package of (mainly) Perl code that moved documents around between various systems. One guy submitted a Perl app he had written in his previous job that implemented an FTP session to do just this sort of thing. It was well written, neatly formatted and showed that he had a good understanding of Perl syntax and programming. But it was dozens of pages of an 'expect' like program that called a Unix command-line ftp client. So, during the interview, I asked him if he had ever heard of CPAN. "No", was his reply. "So, you've never seen the Net::FTP module?" "No" again. Net::FTP could do in a dozen lines what he had done in that many pages of code, leaving me to wonder just how 'good' a developer he was.
*Boeing most probably didn't write the GCU code. That's a trail that runs back through several layers of h/w and s/w vendors.
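The rollover handling described in the comments above, as an added example that is not part of the original posts and is not the GCU's code: a naive "now >= deadline" test compared with a rollover-safe one. The 32-bit tick counter and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: a free-running 32-bit tick counter that wraps
 * from 0xFFFFFFFF back to 0, like the odometer in the comment above. */
typedef uint32_t tick_t;

/* Time = Now + Interval. Unsigned addition wraps modulo 2^32, which is
 * well defined in C, so the deadline itself may land past the rollover. */
static tick_t schedule(tick_t now, tick_t interval) {
    return (tick_t)(now + interval);
}

/* Naive check: wrong whenever 'now' and 'deadline' sit on opposite sides
 * of the rollover (fires early, or never fires). */
static bool expired_naive(tick_t now, tick_t deadline) {
    return now >= deadline;
}

/* Rollover-safe check: compare the wrapped difference, not the raw values.
 * Valid as long as every interval is shorter than 2^31 ticks. */
static bool expired_safe(tick_t now, tick_t deadline) {
    return (tick_t)(now - deadline) < 0x80000000u;
}

/* Elapsed ticks since 'start'; correct across a single rollover. */
static tick_t elapsed(tick_t now, tick_t start) {
    return (tick_t)(now - start);
}

/* Walk the clock through the rollover and count the ticks on which a
 * check disagrees with the ground truth (step >= interval). */
static unsigned count_errors(bool (*expired)(tick_t, tick_t)) {
    const tick_t start = 0xFFFFFFF0u;   /* 16 ticks before the rollover */
    const tick_t interval = 32;         /* deadline wraps to 0x00000010 */
    const tick_t deadline = schedule(start, interval);
    unsigned errors = 0;
    for (uint32_t step = 0; step < 64; step++) {
        tick_t now = (tick_t)(start + step);
        bool truth = step >= interval;
        if (expired(now, deadline) != truth)
            errors++;
    }
    return errors;
}

int main(void) {
    printf("naive check errors: %u\n", count_errors(expired_naive));
    printf("safe check errors:  %u\n", count_errors(expired_safe));
    printf("elapsed across wrap: %u\n",
           (unsigned)elapsed(0x00000005u, 0xFFFFFFFBu));
    return 0;
}
```

The naive check reports the event as due on every tick before the counter wraps, which is the early-firing failure; the safe check only holds while intervals stay under half the counter range.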
That's the hypothesis some have put forth on another s/w geek board. The flight crew reached the point in their checklist where they were to open a particular file (PDF? Proprietary format?) and they both crashed simultaneously. The solution was to go back to the gate WiFi hotspot and grab a repaired copy.
So we have data required for a flight. And there's no means to checksum it against a vendor's tested copy on download? No signed certificate to make sure Bad People haven't slipped a corrupt copy onto the server? And then a viewer app that crashes the tablet instead of popping up a "bad data" message? If it was up to me, the iPad would keep the last version of map (assuming adequate storage capacity) and allow reverting to the older one.
"the comms databus is shared."
I'm not certain if this is the case on the 737-800 (Roberts' plane). But in the case of the 787, Boeing asked the FAA on a ruling regarding just this configuration. Here it is.
Aircraft use a special implementation of Ethernet for avionics communications, AFDX. This network can reject data packets from hardware not programmed into its router's static MAC address table. However, there remains a danger in that someone might find a way to upload malicious code into a passenger facing device (the in-flight entertainment system, for example). This could then talk on the AFDX bus, given that the data originates from an 'approved' piece of hardware.
The likelihood of some basement dwelling hacker managing to get this far and inject anything other than garbage into an avionics subsystem is vanishingly small. However, what with nationally sponsored hacking (Stuxnet, for example), it is entirely possible that a well funded hacker group could invest a few million dollars into an avionics test bench and build something workable.
... the universe's belly button.
Or perhaps this is the drain that everything is circling.
So what user is this server running as? On my Linux boxen, Apache has its own user account with no special (admin) privileges. So even if someone manages to feed it something that it chokes on (and even with Linux/Apache there is a small possibility) the malicious code it is tricked into running can't get into other subsystems. Particularly if that same box runs a domain controller. With Windows and a clueless admin* this appears not to be the case. Worse yet, Microsoft seems to think that doing some user level stuff in kernel modules is a Good Idea. For performance, of course.
*Sometimes, one doesn't have a choice with Windows. Given that everything has a web based administrative interface (Windows admins can't be buggered to log on and use a command line), IIS pretty much has to run with admin (root) privileges.
"And all ignoring two factors that virtualization can't fix:"
In these cases, virtualization is like chicken soup. Will it help? It couldn't hurt.
"Why is that?"
Because management funds the development and deployment of an app. Once that's done, the funds dry up. And it's the IT department's responsibility to keep the disks spinning and the hosts up. But nothing more.
Try going to management to request ongoing funding to keep applications current and ported to the latest platforms and see how far you get. IT management 'heroes' are made when these legacy systems finally break down and the spare parts hoard for their servers runs out. The person that spearheads your company's program to finally get off IE6 will probably become a potential CIO candidate. If the grunts in IT had managed to keep it current with everything up through Chrome, nobody would notice.
The arguments about legacy hardware vs keeping apps ported to current platforms, consolidating lots of single purpose hosts into their own VMs, reducing the physical IT footprint and utility bill. All good arguments.
But then, in the last sentence, they said 'cloud'. And I sensed the presence of some cloud service sales rep whispering in my CIO's ear.
Hmm. According to some sources, the alarm at Hatton Garden did go off. But for some reason, it was not given the attention by police that (in hindsight) it deserved.
It's possible that the Holborn electrical fire and subsequent BT outages may have triggered quite a few false alarms* and resulted in the police ignoring this as just one more. Some forensic analysis into the cause of the fire should be done. And if it turns out that it was vandalism and possibly related to the heist, there are bigger problems. On this side of the pond, utility infrastructure is generally considered to be economically critical. Access to cable routing and other construction details are not easily available to the public. So there is the possibility of insider connections within the various utility companies.
*Triggering false alarms in advance of a burglary is one method of getting a real alarm to be overlooked or even have the system disconnected. Some years ago, a safety deposit box heist was facilitated by the thief renting a box and placing an alarm clock inside it. The alarm clock triggered a sound/vibration sensor in the vault, setting off the burglar alarm. Repeatedly finding nothing, the acoustic sensor was disabled (in the belief that it was faulty). After that, the thief struck.
Some years ago, I supported a system located in my company's data center that satisfied practically all of this article's 'should have' checklist. Except that it was built within a few hundred yards of the Seattle Fault.
Sadly, the system had originally been designed to be redundant and distributed. So that one clod tripping over a power cable would result in functions failing over to another site in the Puget Sound region. But the PHBs in IT management figured that all the redundant servers should be relocated to the one central site.
... that stone tablet the Statue of Liberty is holding with a laptop*.
*A Lenovo, of course.
"After all, who wants to stand in the street for days on end,"
This is why they hire homeless people to hold places in line. So here's another employment opportunity lost for the disadvantaged.
Apple might be upset by the difficulty that the general public has in telling the difference between fanboi hipsters and the placeholder hobos.
"It doesn't fit a supplier taking equipment. They'd just take their servers and leave the cabling untouched."
Good point. And the supplier would just hide the old servers somewhere on site. Then, when they get the call to put in new units, they just reinstall the old ones, bill the customer for the new hardware and put it (still in the box) on eBay.
Twice, by the looks of it.
"Science seems to point towards homosexuality not being biological, but instead psychological . So they're not discriminating against something you're born with, as would be the case with e.g. race."
Well, Christianity is a lifestyle choice as well. Should I be allowed to throw them out of my pizza parlor?
As to the nature/nurture argument: Science is pretty sure it's both. Kinsey found that about 35% of the male population can be aroused 'both ways'. That appears to be the biological basis. From that point, it's psychological. You can marry a nice gal, raise 2.4 children and live in a house with a white picket fence. With only the occasional extra glance at the GQ models. Or you can march in the rainbow parade wearing assless chaps.
The remaining 65% of us have no choice. We are stuck with the runny-nosed kids, PTA meetings and driving a minivan instead of a Miata.
I was thinking more along the lines of how I'd handle a non Pastafarian ordering pizza from my establishment ..... without the obligatory side of spaghetti.
Infidels, the lot of them!
"Smart meters are full of electronics and capacitors, I suppose."
And batteries. Some smart meters can "phone home" over wireless networks in the event of an outage. That can give the utility operators an up to date picture of system conditions (during storms, etc.) instead of having to wait for customers to wake up in a cold, dark house hours later and phone the problem in.
The battery technology used might be something similar to that used in exploding laptops or burning airplanes.
"So suppose the line had been hit by a couple of million volt lightning strike?"
The upper, high voltage lines are typically protected against lightning strikes by surge (lightning) arresters. The lower voltage lines underneath are shielded by the presence of the higher voltage line on top. Lightning hits the highest point.
But if the upper 12 kV (?) line hit a 240 V line, the 12 kV surge protectors would see no unusual voltage.
"I don't understand how it took out 5,000 customers"
That does seem high. The article says 5,000 customers were affected. Which may mean that the higher voltage line was a major distribution branch and, when its fuse/breaker tripped, this group lost power. A linked article states that this accident occurred near a substation. So the fault may have taken the entire station off line.
The "Hundreds of smart electricity meters exploded" seems a bit odd. The 120/240 Volt lines feeding houses from stepdown transformers typically feed from a few to a dozen or so residences. Back in the 'old days', these secondary circuits consisted of a low voltage distribution buss, fed by a number of transformers and covered a large area. But that construction is less typical these days.
It was a couple of Secret Service agents returning from a weekend of hard partying who took a wrong turn looking for the White House.
Looking back at all the photos of medium to long haired astronauts, I'm surprised that more don't go for the bald or buzz cut look. Or at least throw a scrunchie on it to prevent that "bad zero gee hair" look.
36? Try 12 shots with 120 film in 6x6 format (Rolleiflex SL66). Or 8 shots with a Zeiss Ikonta (6x9 format).
Fortunately, I live a few miles from a major camera shop that caters to professionals with film and does 35mm and 120 developing.
"Vodafone was very pleased to have the world’s fastest bird as visitors to its masts, Gordon added."
Just have the Vodafone sales staff tell them how much faster they'll be if they upgrade to 4G (with a 2 year contract, of course).
Let me take this opportunity to register a protest on behalf of deviants everywhere.
I would think that legal documents would not descend to this level of unprofessionalism. Surely they could have just referred to the correspondence in Arkell v. Pressdram.
I don't know about that. I think we'll need a second opinion on that color.
"Something to do with water blocking radio signals..."
Deploy the towed VLF antenna.
.... the hookups between homo sapiens and Neanderthals. "Hey babe. Looks like the end of the world is here. What do you say we see it off with a bang?"
Paris, because this line might actually work given the opportunity.
"Instead of tempting other countries to come here, why not get this country to innovate and expand."
Because the tax rate can always be revised back up once companies have taken the bait. You can't un-innovate.
The other trick which I suspect would throw most thieves brave enough to attempt swiping my truck is to slip the transfer case into neutral when I park it someplace seedy.
My 36 year old car has a nearly foolproof anti-theft device. In addition to it being a stick shift (which most US criminals apparently can't drive) it has a big knob on the dashboard labeled 'Choke'.
Crank away, guys. This thing isn't starting.
... who owns the HowToGiveHead.com domain? The business opportunities involved with the creation of subdomains ITaught<InsertNameOfPersonalityHere>.HowToGiveHead.com are almost limitless.
But judging from the picture, the ITaughtTaylorSwiftHowToPutOnMakeup.com domain is still up for grabs.
The US law requiring banks to "know your customer" is just an end run around our Fourth Amendment. Our law enforcement can't just go fishing for 'bad people' based on some profile. They need a warrant. So they just create a regulation that requires private entities to stick their nose in customers' business. And file reports with the regulators.
That said, HSBC are idiots if they had someone walk in the lobby and ask for advice on dodging the US taxman. Apply for an account under the name Mr Smith. Fine. Just make sure you comply with Swiss law. If the IRS comes in with a warrant based on some probable cause that Mr. Smith has committed some crime, then the account information will be delivered. But having money and a common surname isn't prima facie evidence of wrongdoing.
Our cops are getting lazy. And they are expecting private organizations to do far too much policing for them.
Company issued. Now, how to keep these inside the company, connected only to the 'secure' network. Back in the last century, when execs were issued a company laptop, part of the justification was that they could work from wherever they were. At home on the dialup or DSL. Or at one of those newfangled public WiFi hotspots in a coffee shop.
For all intents and purposes, those machines came back to work as disease-infested as the BYOD stuff that people were prevented from bringing inside. Issuing guidelines made no difference. "Whaddya mean, I can't install my favorite app on MY laptop?!" the exec bellows at the lowly IT person attempting to scrub the cruft off some VP's company laptop yet again. Or the warez that the boss's kid downloads when dad leaves the machine unattended on the kitchen table.
... the ads: Increase your tablet size with this our product.
Warning: If Windows stays up for more than 4 hours, consult a physician.
"Unlike the Harrier, which could and did use thrust vectoring for VTOL and enhanced dogfighting capability to extreme effectiveness"
This is true. But I don't think the Pentagon brass ever 'got' the Harrier and its capabilities. The spec writers* said "vertical takeoff and landing" and that's what they got.
*In many cases, specifications are co-written by the suppliers. This is what we want to sell you. Write your requirements accordingly. Boeing was an underdog in that competition. So instead of taking an assertive position and telling the Pentagon what to buy, they did something that exposed their weakness, like asking a Marine pilot what they wanted.
' "shield" sticking up there.'
That's the inlet for the VTOL lift fan. To be fair, no streamlining is required in that flight mode.
But they do make my eyes a fetching shade of blue while I'm performing the obligatory reboot.
I thought it was almost lunchtime!
"Mongo says it is used by more than 2,000 customers, including 34 of the Fortune 100, with nine million downloads."
My Debian distro laptop ran mongodb. I don't know why. I discovered it one day when it seemed to be running a bit slow. So I ran a process list and found 'mongodb' to be hogging CPU cycles. I killed it and haven't noticed anything important not working.
So I'm not really sure what those 9 million downloads mean other than it's a dependency of some little used utility that people pull in when they run a package manager.