
Comment: Nukes should already be hardened (Score 1) 39

Most national regulators require that any safety-critical computer systems in nuclear facilities are formally proven correct. Due to the difficulty in producing absolutely bug-free code, and proving that you have done so, a lot of systems continue to rely on pure analog control.

For example, nuclear-grade UPS systems typically offer a feature such as the following: "Digital logic free. 100% analog control with fully verified behavior. No need for expensive and time consuming software verification"

Similar validation is available for nuclear grade diesel generators and their control systems.

Similar design principles are often applied to the reactor instrumentation, although reactor control is usually digital and verified to the highest level. That typically means no inputs to the system, except the core sensors and core controls. The software uses only a minimal subset of language and OS features - e.g. no memory allocation, no dynamic linking or binding, etc. Calibration and model data must be built into code using a validated code generator and then statically linked into the binary, all memory must be statically allocated at compile time, etc.

The risk is whether less critical systems may be at risk - SCADA and similar systems may be in use for alternator controls, or in switchyard controls. The risk is that grid power to the plant could be interrupted, forcing the plant onto generator power. Or perhaps, other plant might be degraded - non-critical water pumps or plant controls, could mean that under degraded conditions, the plant has less tolerance to a reactor accident.

Realistically, unless you have schematics which detail the control systems in use, it is not possible to determine the severity of a particular attack. Further the interaction between different plant systems may be difficult to predict.

Even if the only realistic target for a cyber attack is the switchyard, that is still highly disruptive and degrades the safety margin of the plant by removing grid power as an energy source.

+ - Collection misconceptions: the air in the cabin is hazardous to health->

Submitted by Anonymous Coward
An anonymous reader writes "One of the components widespread among the people aerophobia — long-held belief that the air in the cabin liner, particularly heavily saturated with microbes and therefore catch a flight a breeze. At first glance it is. Inside, crowded, and the air inside the aircraft (especially when landing on it) seems a little stale."


+ - Google Earth API Will Be Retired On December 12, 2015

Submitted by Anonymous Coward
An anonymous reader writes "Google today announced it plans to retire the Google Earth API on December 12, 2015. The reason is simple: Both Chrome and Firefox are removing support for Netscape Plugin Application Programming Interface (NPAPI) plugins due to security reasons, so the API’s death was inevitable. The timing makes sense. Last month, Google updated its plan for killing off NPAPI support in Chrome, saying that it would block all plugins by default in January and drop support completely in September. The company also revealed that the Google Earth plugin had dropped in usage from 9.1 percent of Chrome users in October 2013 to 0.1 percent in October 2014. Add dwindling cross-platform support (particularly on mobile devices), and we’re frankly surprised the announcement didn’t come sooner."

Comment: Re:What is critical thinking? (Score 4, Interesting) 553

by ChumpusRex2003 (#48223369) Attached to: Employers Worried About Critical Thinking Skills
Which is exactly why the "establishment" has been trying to ban it.

No, really! The Republican party had the opposition of "teaching of higher-order thinking skills, critical thinking skills and similar programs" in schools written in their platform document as one of their policy aims.

Wash post

Comment: Re:Computer Misuse Act 1990 (Score 3, Insightful) 572

Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill.

The problem is that this was not accidental. The FTDI anti-clone code in the driver is very sophisticated and actually performs a "preimage" cryptographic attack, to ensure that the clone chip doesn't detect the invalid configuration and auto-reset to factory defaults. Deliberately and with premeditation setting out to "damage" (which in legal terms includes temporary malfunction or impaired function) hardware is not legal without a court order or similar legal basis.

The 2nd issue is that of ensuring that they do not inconvenience wholly innocent parties. They failed at this. The FTDI anti-clone code will also deactivate genuine FTDI chips which have been configured with an external configuration memory in certain circumstances. This has been reported by a company which builds development boards with numerous FTDI chips in different configurations; they found that the chip with an external EEPROM would get corrupted by the new driver, even though the components were obtained from an authorized distributor.

Comment: Re:"Reasonable" my ass (Score 3, Insightful) 700

by ChumpusRex2003 (#48208525) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.
However, a lot of manufacture is contracted out. If you're buying 10 or 20 chips for internal R&D you'll likely get genuine ones.

However, when you find a contract manufacturer and ask them to make 100,000, you require an XYZ, Inc. ABC123 chip and ask the manufacturing contractor to source it. Unbeknown to you, they obtain a counterfeit source. The chip is virtually identical externally, and functionally very similar, so that your product passes validation testing.

You as the device designer and seller may have no idea that you have fake chips on your device. Perhaps, your RMA rate is higher than you expected due to chip failures, or perhaps you are getting a lot of bug reports from the field which are not reproducible on your prototypes, but are on production devices.

This isn't the first time a USB->UART vendor has taken vigilante action against fakes. The vendor Prolific had major problems with low-quality, buggy and slow fake chips, causing major support headaches for customers and themselves. I believe they ended up discontinuing their main product and replacing it with an incompatible version, while poisoning the drivers so that they would BSOD/Kernel panic if they detected a fake chip.

Comment: Re:The good news (Score 5, Informative) 700

by ChumpusRex2003 (#48208359) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.
Yes. A company called Supereal is selling enormous volumes of "FTDI" chips into the Chinese market. The chips are labelled with the FTDI name and logo and during the USB negotiation, they announce themselves using the FTDI vendor unique ID, in order to use the ubiquitous and flexible FTDI driver (rather than require any development work for their own driver).

See for an example of a fake chip - labelled FTDI on the outside, but Supereal on the silicon.

The problem is that the fake chips are buggy and slow compared to the genuine article, causing headaches for USB peripheral designers and support and reputation headaches for FTDI. There is a huge market for USB UART chips, and it is quite competitive, but few of the products on the market are actually as reliable, fast and robust as you would expect them to be. The FTDI FT232RL is one of the best in terms of reliability and has the best drivers, while also providing some handy bonus functionality.

It appears that FTDI have reverse engineered the fake chips and found that they can be reprogrammed. When their driver detects a fake chip, it uses the internal configuration commands to erase the EEPROM memory containing the Vendor Unique ID. With this EEPROM blanked, the chip is unable to complete the device detection process in the OS's USB stack.

Comment: Re:no? (Score 4, Informative) 38

by ChumpusRex2003 (#48064205) Attached to: Snowflake-Shaped Networks Are Easiest To Mend
The aim was not to find the "best network", but the "best network without redundancy".

The point was that most networks are designed with redundancy in mind, but not all networks require that degree of reliability. For those networks where reliability is not necessary, it would be helpful to know what the lowest cost configurations are.

Comment: Re:Oh good (Score 1) 907

by ChumpusRex2003 (#47998799) Attached to: Miss a Payment? Your Car Stops Running
one or both of them are full of something.

Not necessarily. They could both be right. The interlock device only defeats the starter. However, if the car lessee is defaulting on lease payments, then it is likely that they are also cutting back on scheduled maintenance and repairs. It is entirely possible that the engine is unreliable and idles poorly, being prone to stall when idling. It is perfectly possible in such a case, for a driver to reach an intersection, have the engine stall, and then be unable to restart it because the interlock has defeated the starter.

Comment: Re:Keep your important data on current storage. (Score 1) 113

by ChumpusRex2003 (#47955735) Attached to: Data Archiving Standards Need To Be Future-Proofed
And only one variant of one JPEG protocol ever found widespread use.

JPEG actually published both a lossless and a lossy compression algorithm and accompanying file format. The lossless format faded into near total obscurity, apart from some medical software, where the lossless JPEG data would be encapsulated in a medical (DICOM) container. Technically, lossless JPEG is a mandatory part of the DICOM specification, but not every product (free or commercial) supports it, and it's virtually impossible to find an open-source implementation of lossless JPEG outside of limited implementations as part of medical imaging tools.

There have also been a variety of extensions published to the JPEG lossy algorithm - notably extension to 12 or 16 bit depths. Good luck finding any support for these, at all. Again, these formats were nominally supported in the DICOM standard for medical imaging, but were very poorly supported. A flurry of naive new-entrant machine vendors ended up embracing these "novel" formats, only to cause total chaos for their customers, as they found that the files were unviewable on incumbent viewing software or untransmittable to other systems.

Comment: Re:Interesting difference between GPS and Galileo (Score 3, Informative) 140

by ChumpusRex2003 (#47737839) Attached to: 2 Galileo Satellites Launched To Wrong Orbit
The SAR component of Galileo is a separate service to the positioning service. The intention is that it can operate as an EPIRB receiver.

Conventional emergency beacons can be located by satellites, but the resolution is poor (tens of miles) and the time to fix is long (30-60 minutes). The beacon transmits a signal, and suitably equipped satellites detect the beacon, and relay it to ground stations, which then compute the location of the beacon by measuring the change in Doppler shift as the satellite flies by.

The SAR component of Galileo was designed with the intention that the overhead satellites would detect the time-of-arrival of the beacon signal and cross reference it with the satellites' atomic clocks, effectively performing a reverse GPS-fix. Such a system would be able to obtain a fix within minutes or seconds, and such a fix would likely have a resolution of 1-2 miles.

The SAR component is not a mandatory service. You can use the passive location service without implementing SAR in a device. You would only use the SAR service in an emergency locator beacon device.

At the time the Galileo SAR system was designed, feedback was a problem with locator beacons. The user had no idea if the signal had been received. Later revisions to the system mean that modern beacons and satellites now offer two big upgrades - the beacons can contain a passive GPS receiver, and can embed the location data in the beacon signal; and the satellite system can transmit feedback to a compatible receiver telling it that its signal has been received and a position fix made. The Galileo SAR function is therefore rather redundant, but it's often helpful to have a 2nd independent and redundant safety system available, so I can see that it would still get used.

+ - The Windows Store is a Cesspool of Scam Apps, Why Doesn't Microsoft Care?->

Submitted by capedgirardeau
capedgirardeau (531367) writes "Microsoft’s Windows Store is a mess. It’s full of apps that exist only to scam people and take their money. Why doesn’t Microsoft care that their flagship app store is such a cesspool? ... It’s now been more than two years since Windows 8 was released, and this has been a problem the entire time, and it is getting worse. If Microsoft was trying to offer a safe app store to Windows users, they’ve failed. Searching for most popular apps will return a list of many scam clones that charge a fee for what is a free app from the official publisher and you have to hope there is no malware installed as well. Worse yet, the Windows Store is now integrated with the system search feature. Search for an application using the Start screen search or search charm and these garbage apps from the Windows Store will appear. The article points out the reason is probably "Microsoft hasn’t been encouraging quality apps. Instead, they just want quantity. In March, 2013, Microsoft ran a promotion where they paid developers $100 for each app they submitted to the Windows Store or Windows Phone Store.""

