Re: SCADA Vulns

@Robert Helpmann??, you beat me to it.

One of the instances of SCADA code I'm aware of, is running on critically old/out of date Windows systems (as far as security hotfixes go, as well as still being 2000 and 2003 server), and still not firewalled off in an isolated network for at least some protection. The workstations around the SCADA systems are also critically unpatched, with an IT dept that tells the users IE 6 is the secure company standard, and Firefox is a security threat. This is a large US power company that has the best IT that lowest bid contracts will get it... If the other utilities are like this, we're pretty much doomed if a group of cracker/hackers decide to "throw the switch"

Sad face, well, it pretty depressing innit?...

Re: Cloud backup

@lotus49 - Agreed. Crashplan for me has proven pretty good for backing up and restoration from local and remote backups. I backup the laptop both to my local NAS and to their server. The local datastore makes for really speedy restores, but should something catastrophic happen, having the offsite backups is good too. Its backing up changed files every 15 minutes, so it would be pretty difficult to lose very much data. I don't notice it running, it just gets the job done non-intrusively.

Had my laptop hard drive go suddenly *POOF* earlier this year. Replaced it, got OS going, installed Crashplan, restored, and kept on going without too much fuss. Its also pretty cheap for the "family plan" to backup every device in the house regardless of OS (Win/Mac/Linux). Pretty happy that it does what it says on the tin since not every product (particularly Cloudy ones) do that.

Based on my recent experience with SSD failure (father in law's went PHFFFFT with no warning at all), along with hearing horror stories from colleagues on the same, something like Crashplan that is doing "cloudy" backups throughout the day is pretty much mandatory with an SSD.

Re: Clueless

@Ben Rose I'm not going to take offence, largely because I agree with a good chunk of your email. :) Particularly the part about Email and Notes not being a good match. I still contend that Notes is an application development platform, and the email features put in are a proof of concept app that never got the proper engineering time it deserved.

So as one of the clueless idiots, I'll say that 8.5.2 is pretty current, but I have no control of it. I really can't tell the difference as an end user between that and 4.5. At least it isn't 4.5.2 when I was last on Notes. The office doesn't want to screw with it any-more, so they're just going to ditch it and install Exchange. If you lose some emails, oh well. I've seen the same with major Exchange upgrades in the recent past. Noone seems to get that concerned about it any-more surprisingly. Save your old emails off in a pst and keep moving...

I'll agree with you - Notes is generally improperly managed, set out with bad defaults, and generally setup for failure out of the box unless you have good admins handling it. How many companies have that? IBM is setting it up for epic Flail it seems. Doesn't matter how big or small the environment, Notes seems to get the short stick on proper setup. You sir might be the exception.

But if you think they'll hire a (proper) MCSE for Window/Exchange (and I'll add Sharepoint) - you'd be wrong there. Any idiot can click the next key and install them, that's all the salary that will be paid for, and there we get into trouble on the newer platforms... Lack of expertise is even more rampant there...

Exchange allows you to attach to it with whatever client you want, and setup rules however you want out of the box with minimal issues on the administration side and some serious ease of use on the end user side. (that's a big plus and and has hinted to earlier a minus, because now any idiot that can click the next button calls themselves a Exchange Admin and makes mistakes that won't be seen for a year or two when the system goes BOOM)

Re: different beasts

Ogi, well, things move too fast to get much use from a turret's eye view. But for an after-action "report", that kind of thing would be nice to have and see just how bad a shot I am. :)

But yeah, CO2 powered cannons in turrets firing bb's to 1/4" ball bearings (or in Australia 3/16" to 1/4" ball bearings due to gun laws). WW1 to WW2 era ships (ala the Big Gun era). Been around as a hobby since 1979. Regular R/C has its pluses for easy entry, but if can get the code together for a Pi system for stuff like that (and have it available for other folks), it would add some extra features/functionality not available with a regular R/C controller. Combined with GPS, could have automated convoy's to shoot at. :)

Anyway - My point originally being that uses for the incredibly cheap Pi's are quite nearly endless, and that was just one example I don't think the Pi designers expected. :)

Re: mmmm.......

Yeah. You're reading too much into it, I don't think MS/Intel care currently. Although... The Altair started off pretty humble, and ultimately we had PC's grow to points that threatened IBM's mainframes. Who knows? The Pi as it stands now is PURE hobbyist/edu market though.

Re: different beasts

Agreed Ogi. Definitely different beasts. I plan on using the Pi in Big Gun R/C Model Warship Combat to replace the more conventional R/C guts while adding new functionality (like cameras, sensor readings and such that I don't have now). Some things are hard to tell from 50ft away with a 5-6' model ship on the water. I *suspect* the other robotic combat guys (ala the Robot Wars folks) will start doing the same.

The Pi ($25 for regular Pi and $35 for Pi+) can also get used in quantity with a lot more laissez faire attitude if your experiment doesn't work out. (and by not work out, I mean a release of magic blue smoke) Definitely a hobbyist board. Kinda like the Altair of old in that regard. I don't see doing that with the Intel board.

Penguin cuz that's what Pi runs innit it?

Re: What does it matter what its made of

@TeeCee

Due to circumstances out of our control, we are sorry to note that the Shark (previously used for our extremely popular high power Laser "engraver" mounts) is now on the protected wildlife list, and won't be available for delivery in the near future. Can we interest you instead in an extremely ill tempered Sea Bass(r) which to mount the laser on? Price and warranty are otherwise unchanged. As an additional service, for an extra $1 Million, we'll pre-mount the laser on your ill tempered Sea Bass(r).

Sincerely

#2

Sales and Marketing Director

Evil Mfg Inc.

Re: Its the ITU's standard

@Steve Todd,

Unless the ITU changed the legal definition of 4G (IMT-Advanced), they can SAY a company can call it 4G in a press release and not be sued by the ITU, but that doesn't protect the company from Government lawsuits and individual lawsuits because they violate the international standard set by the ITU. A press release isn't a technical paper on the spec, and probably hold little weight in court other than reducing the amount of damages that can be collected from Govt's and people suing. At least until the definition is *officially* changed 4G could turn into a Lawyer fest on a global scale... Until then the ITU won't get sued because its the international standards body, but anyone following the press release rather than the proper standard as written has their fannies hanging out.

Re: Its the ITU's standard

Well, the ITU is allowing non-4G speed devices to be labeled 4G for marketing (and it won't sue the carriers at that point), but AFAIK the actual legal definition of 4G wasn't changed. I looked to see if it had been changed, but looks like its still officially 100Mb/s on the go, and 1Gb/s while stationary for the 4G spec. Nothing to stop Government and individual lawsuits though, unless 4G specs have actually been downgraded. I haven't found anything saying the actual specs were downgraded, so it is still false advertising regardless of what ITU says in a press release. (unless there is a new 4G spec that has been downgraded and ratified)

From my own benchmarks, Sprint's WiMAX "4G" was only 6Mb/s and Tmobes HSPA+ is 37Mb/s. Neither is 4G, but at least Tmobiles is slightly faster than my Uverse connection.

Re: Seriously?!

@ P. Lee

"BYOD is an IT industry scam to sell management tools."

Oddly enough, I like the whole BYOD concept (using some sort of virtualisation to keep unencrypted corp data off ANY corp or personal mobile device - Laptops, netbooks, phones, tablets, whatever), but the same thought crosses my mind as well. IS it just a cool scam for expanding a market that essentially didn't exist 2 years ago?

Re: Complicated system is complicated

@NomNomNom

"A horrifically complicated system. So it'll be safe to throw a spanner in it then"

I'll see your spanner, and raise you TWO butterflies flapping their wings in Brazil... :)

Re: More importantly

responding to myself. I did find some benchmarks on Toms. My quick takeaway is that USB2 is their big holdup with UHS cards, so they went to USB3 for their desktop reader. The fact that the card readers on on phones/tablets are tied to the USB2 interface kills any chance of faster performance than USB2 is capable of. Looks like for write speeds it might still translate into faster xfers, but for reads it will not over a good Class10. Would UHS still be worth it? Possibly, but some of the Class10 cards are also pretty quick.

So if trying to figure out if one of these would help in an individual case, Benchmarks on the specific device would be required. At least until USB3 gets to the phones/tablets.

Re: More importantly

But I think that in spite of the Burst mode data transfer being lower in compatibility mode, normally sustained DTR should still be higher. I saw that doing some low end server testing when put newer SATA2 drives with higher data densities on older SATA1 interfaces. The DTR nearly doubled in spite of being on an aged/slow interface. I think we need real world benchmarks here.

Regardless, getting that much theoretical throughput for a MicroSD card is pretty exciting. I'm concerned about all the "weaseling" as well, since not all SDHC and SDXC interfaces have proven equal without adding "Compatible" claims on it.

Re: Yeah, but how much faster is this Class 10 card...

@Stuart - Rational world? Where the heck have you been lately? :) Thumb for your rationality though.

I agree Class 80 only makes sense though. Not sure why they stopped at 10. Maybe they hadn't seen Spinal Tap and realized they could at least get to 11?

Re: wussies

@Shady - No no no. Obviously you had too many, and meant to say EMACS! :)

(the old standby for how to create a usenet flamewar: VI vs EMACS)

@Paul Lee 1

I stand corrected. You are correct that I'd remembered the subsidized construction of Mauretania and Lusitania, and my fogged memory pulled the Olympic Class into that.

Re: "...which has trawled through some old shipyard records..."

Actually, British Steel (civilian and military) was a bit brittle all the way until fixed with the Nelson Class Battleships in 1923. So if you stick it in really cold North Atlantic water with mismatched rivets (expansion rates were different) and strike much of anything with a violent impact, you'll have a ship that sinks instead of staying afloat. Just because the rivets are there, doesn't mean they weren't leaking like a sieve. Titanic's design was sound overall though, with a compartmentalized double bottom and everything. Her construction materials however were not sound, and that's documented with civilian and military ships using the same brittle steel (the last major warship to have it IIRC was the Yamato class Battleships of WWII, and that was because the Japanese no longer had access to British metallurgical process improvements after the 1921 Washington Naval Treaty). Titanic *shouldn't* have sunk. Had she been constructed in the 20's to the same design but with 1920's vintage British Steel with the proper rivets, she *probably* would have stayed afloat, or the same steel with the right rivets even. Hard to know obviously, so its all conjecture. But this "new" report just confirms several other recent and not so recent reports...

Titanic was constructed as an Auxiliary Cruiser/Troop Transport that happened to be a Ocean going Passenger Liner during peacetime, so her protection was actually pretty good. In fact there is no comparison between Titanic's design (ala designed to stay afloat after a hit or two) and a modern Cruise Ship design which are just supposed to slow the sink long enough (couple of hours) so you can either get to the life rafts or so it can get back to port and then sink "safely". For one thing Titanic had waterproof bulkheads under the waterline. Ships like Concordia have splash-tight doors instead. If that had been Titanic hitting the reef instead of Concordia, Titanic would have still been afloat, particularly in warm Mediterranean waters.

Re: I would have thought the simple answer is...

I don't have a Facebook account either. Wayyyy too open for my tastes. Without easy to use Access Control Lists to keep people separated, eeeeeeeeeek. Lets face it, some of my buddies make comments that I'd rather my mother, wife, sister, daughter, nieces, etc not see.

Thanks to G+, I can still "friend" the HR Drone and put them in a circle by themselves so they don't see anything other than what I share with them and what's already public. The issue with the Google account though is they'd have access to a lot more valuable information than just whats on Facebook.

Going along with that, the Google accounts have the option of two factor authentication, so having the password won't do them any good unless they've got your phone as well to generate the secondary code necessary to log in.

If Facebook would enable two factor authentication as well it would cut down on this. Of course it then means that people have to enable it, and then go through the frustration of two passwords, one being random from the phone. Most non-security oriented folks won't go through the hassle...

Obliterate the US Political parties and start over

Stupid consequence#3: I'm sick of the whole shooting match.

Seriously starting to wonder if a Parliamentary system wouldn't do better... Or at least returning the Senate to being seated by the State Legislatures instead of direct elects. (it was supposed to be modeled after the House of Lords after all, not House of Commons part Deaux) That would at least keep the Dem/Repub bickering to the House and Executive and keep the Senate out of it.

Right now the House, Senate and Presidency are all essentially bribed by whoever puts up the money for their campaigns. Unions, Corp, PAC's whatever. The individual gets totally LOST in that shuffle. So no, your Representative or Senator is going to ignore you because you don't pay the bills, and who else would you elect anyway? It certainly wouldn't be from the other party... I'd love to get the Senate off the defacto bribery rat race of election campaigns, but I doubt that would happen.

But this is going wayyyyyy off topic...

Re: You don't need new laws

@James Micallef

It just takes ONE court case to set precedent within the framework of the existing laws, and that case apparently hasn't happened yet, but it will, and soon. If it doesn't set the precedent the lawmakers want, then they can change the laws to make sure it doesn't happen again. But adding law after law makes the legal code too cumbersome and filled with contradiction. I agree that asking for a password has to breach Privacy Laws. Even if it doesn't, the employer in doing so is assuming extra civil liability asking for potential lawsuit if there is ANY identity theft ever in that person's lifetime. Civil law instead of Criminal law. Whole different ball of wax there.

I think given enough time, Corporate Legal will tell HR to tell the managers to never, ever do that in an interview or face termination themselves on the first offence. Just right now there isn't guidelines on it, and Corp Legal is kinda slow at times to recognize new legal threats opened up by employee actions. I don't see a need for new laws just yet. Wait 6 months and see what happens.

Re: Quibbling with semantics

@Steve Todd

Unless I'm mistaken (and lets face it, its possible) - the standard is still 100Mbit/1Gbit to be considered "proper" 4G. The ITU decided to allow the 4G moniker to be allowed to be used for marketing purposes though for technologies that were on their way to "getting there", but does the ITU's marketing decision have legal standing in individual countries when it violates the actual ITU 4G standard? Sounds like shaky legal ground. Trade Regulators in individual countries could still claim false advertising *if* the ITU didn't actually LOWER the standard to 42Mbs downloads which is what Tmobile and Verizon in the US have currently.

Sprint was the first in the US to pull this bone head as a marketing scam. Who knew it would get so out of hand? What I do have to question is why regulators are just now seizing on this regarding Apple? I'm not exactly an Apple lover, in fact the opposite, but why pick on them now? Why didn't they go after the EVO4G, iPhone4 (coming after the 3G without proper disclaimers) and all the other "4G" stuff ages ago?