Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:This is what real choice looks like (Score 3, Interesting) 406

I agree. Think of it this way, Apple are trying to push Apple pay which makes use of the system security provided by the fingerprint scanner (the private keys for apple pay are split between the fingerprint scanner chip and the crypto engine chip on the motherboard, so that compromising one chip doesn't reveal the whole key).

At present, the OS will disable apple pay when it finds that the finger print scanner fails to negotiate key exchange correctly; this potentially ends up with a tech support call to apple, or a social media posting saying, "why does my apple pay keep screwing up?".

Now consider what happens when there are a large number of field-repaired phones with knock-off fingerprint scanners. They appear to work fine, but some features are broken in subtle ways. The customer is confused; they may not relate it to the repair they had done; it creates an impression of an unreliable product and an expensive customer support nightmare. Clearly, apple want to stop this before it becomes endemic.

With the OS doing a full power-on self test on the security infrastructure, such a fault would be detected at the first reboot after the damage occurred, or after a repair using an incorrect part was performed. The security failure can now be easily attributed to the damage/repair, even by users of social media and journalists. This ensures that repairers don't perform half-assed repair jobs which can lead to incomplete or faulty operation (on what is marketed as a premium product).

Comment Re:No build-out costs? (Score 1) 173

I guess that in that region, the legislation doesn't allow the utility to charge the customer the capital costs of new capacity. In the UK, the utility can charge the customer the capital costs of a network upgrade (on a pro-rata basis - e.g. if a network provider chooses to replace a 10 MW transformer with a 20 MW transformer in order to service a new 5 MW customer, then they can bill the customer for 50% of the capital costs prior to agreeing the connection).

We had this issue recently at the hospital where I work. The hospital had a single (non-redundant) 2 MW supply, which was at breaking point (in fact it did break), to the point that in Summer the buildings manager turned off all the AC campus, except that necessary to prevent overheating of critical care areas. Even then, it was necessary to curtail use of big power hogs like CT and MRI scanners.

The hospital wanted an upgrade to 4 MW, but also wanted dual redundancy. They ended up having to pay for 6 MW of network upgrades (2 MW upgrade + 4 MW of redundant network provision).

Comment Re:That's a lot (Score 1) 187

GPS is not a particularly stable frequency reference over the short term due to atmospheric distortions and various other noise sources. However, over the long-term it is outstanding.

The normal process is to use a very high quality short-term stable oscillator, e.g. a temperature controlled quartz crystal oscillator - but discipline it to the long-term stable GPS signal. Over periods of hours to days, the quartz oscillator can drift in frequency due to aging, shifts in environmental factors which affect the regulated temperature, etc. By averaging the deviation of the local oscillator from the GPS reference over a suitable period, and gradually tuning the local oscillator to null that error, you can get a frequency with the short-term stability of top-quality quartz, with the long-term stability of GPS.

A similar principle is used with atomic clocks - the atomic reference is used to discipline a good quality quartz oscillator. However, the long term stability of rubidium clocks is several orders of magnitude worse than GPS, hence it is common to find many capable of being disciplined by GPS, or an alternative very high stability atomic source (such as a caesium clock, or hydrogen maser).

Comment Re:Most of the above (Score 4, Informative) 232

Actually, all new commercial reactor designs have had load following capability designed in.

The current generation of PWR reactors can turn up or down at up to 5% of full power output per minute within a range of power outputs typically 50-100% (without restriction), or between 25-100% with a restricted number of cycles (10 per week). The idea is by keeping the system isothermal and isobaric within the 50-100% range, there are no fatigue issues. With the use of high burnup enriched uranium fuel, there are fewer issues with xenon build-up than was the case in low-burnup, low-enriched fuels used in older designs.

With BWRs, a substantial part of the control range is done by controlling reactor feedwater flow, as opposed to using control rods. This means increasing power is simply a matter of increasing feedwater flow by turning up the feedwater pump speed. With BWRs there are no heat exchangers, as such, only the fuel and cladding, these have extremely low thermal mass, so there is almost no time lag between the change in flow rate, and changed steam production rate. The only limiting factor is the risk of thermal shock to the fuel pellets and cladding; so, while ramp rates of >30% per minute can be performed, the number of such cycles each fuel rod is exposed needs to be strictly limited.

This doesn't address the issue of economics of load-following nuclear, which are problematic because of the capital expense and low fuel costs. However, there are regions where solar and offshore wind are being used in load-following mode, and these are far more capital intensive. France load-follows their nuclear plants, with an average load factor of about 70%, and they find that the economics are acceptable.

Comment Re:Typical Liberal Thinking (Score 1) 109

Indeed, the £92.50/MWh is certainly fairly generous, but in reality, even new-build CCGT is expected to have a levelised cost of energy in the UK in the region of £70-80/MWh depending on assumptions about load factor and price of gas/carbon taxation.

That said, the contract for difference method of subsidy has the advantage that there is no up-front cost for the taxpayer; the taxpayer only pays based upon performance. The CfD expiry date is scheduled 35 years from the date of expected start of commercial operation. In the event of construction delays, such as the clusterfucks in Finland and France, then the expiry date should remain fixed.

The advantage over this method over things such as direct cash subsidies or loan guarantees, is that the taxpayer is protected from all construction and engineering risk.

In addition, the government is trying to change the CfD arrangement for new low-carbon build. Up to now, the agreement has been a fixed price tariff - £155/MWh for offshore wind, and £100/MWh for onshore wind. From this year, the CfDs are awarded on a competitive basis, so construction firms bid at auction for the CfD, and the lowest strike price gets the CfD.

I fully expect that for any additional nuclear build, there may be an element of competition in the application process, particularly as there are several consortia who have expressed a strong interest.

Submission + - UK to ban "unbreakable" encryption (telegraph.co.uk) 1

Retron writes: The Telegraph reports that the UK Government is going to ban companies from offering "unbreakable" encryption, effectively requiring a backdoor in products from the likes of Google and Apple. The reasons given are that they don't want the likes of terrorists and paedophiles to communicate in places the Police can't reach.

Given that Apple especially makes a big fuss of their encryption standards, will they really cave in to the Government's demands? Will the population support the moves? And why is there no mention of Tor or VPNs?

Comment Re:How about IMPRISONING those responsible (Score 1) 169

The company did have a lockout procedure and a "permit to work" procedure. The problem was that there were two different companies working on the same site and they failed to have a proper protocol when one needed the other to disconnect power.

The facility had a single power feed, and the routine maintenance and supervision of the electrical system in the building was outsourced to a building management company. The provision of a second supply and associated switching system was being performed by a specialist electrical contractor.

The time came to disconnect connect the IT loads from the incumbent single-feed switchboard to the dual-feed switchboard during a period of scheduled downtime. The building management contractor issued a "permit to work" to a cable jointer to disconnect a sub-switchboard from the main supply and connect it to the new dual-feed switchboard; the permit certified that the main supply had been turned off and locked out, and would only be unlocked upon return of the permit.

The original plan had been to connect the IT loads first, then connect power to the new switchboard. However, because of a specification error when procuring the switchboard, it had been modified on-site, and following modification required live tested prior to connection of any IT equipment. As a result, it had already been connected to both the existing supply (under the management of the facilities management company), and also to the new supply (which had not yet been handed over, and remained under the control of the installing contractor), before any outgoing cables were connected.

While the building management company had disconnected the building's main supply and locked it off prior to issuing the permit to work on the switchboard, they had failed to contact the contractor handling the 2nd supply and failed to ensure that the 2nd supply was also locked out. As a result, when the cable jointer set to work, the switchboard was still energised by the 2nd supply. Although the connections that the jointer was working on were dead and isolated by a switch in the switchboard, as the switchboard was open, he accidentally contacted the busbars fed from the 2nd supply and was electrocuted.

Comment Re:...hours? (Score 2) 167

Emergency core cooling, formally known as the passive residual heat removal system (PRHR) is provided by a gravity pumped heat exchanger which transmits heat from the reactor coolant into a 1 million litre refuelling water tank in the containment building. To initiate passive cooling, there are 2 parallel valves which hold the circuit closed, each capable of providing 100% of necessary flow. The valves are dual-activated (DC electrical and pneumatic). They fail open under spring tension in the event of failure of the control signal.

In the event that both PRHR valves fail to open, then the reactor circuit will be vented into the containment building (simulating a pipe break). This will cause the reactor circuit to lose coolant and trigger the emergency cold coolant injection systems. A series of gas-charged hydraulic accumulator tanks discharge in sequence into the reactor to ensure it remains full of water, while steam is allowed to vent through pressure relief valves. Each stage of coolant injection has two fully independent dual redundant trains, with the key valves being dual redundant, dual-activated and fail-open within each train. This culminates with valves connecting the reactor coolant system and the refuelling tank together opening, providing 1 million litres of additional coolant capacity.

After about 24 hours (or sooner in the event of a large pipe break) coolant injection is complete, the reactor is fully de-pressurised and the circuit is fully open to the containment building. The refuelling tank will have been drained, either through a pipe break (or manually) and the water will completely submerge the reactor and its associated piping. The decay heat from the core can then escape via the reactor vessel walls and pipes into the water flooding the containment.

The core injection systems are sufficiently powerful that clean rupture of a 25 mm diameter pipe will not result water level dropping below the top of the core at any time. In the event of a large pipe break (e.g. a clean rupture of a 350 mm PRHR pipe), then temporary uncovering of the reactor core is possible, and this may result in overheating and damage to the fuel, however, because of the very high capacity of the coolant pressurizer and coolant injection tanks/accumulators, and temperature rise is brief and below the level at which the fuel rod cladding is expected to fail or produce hydrogen. As is conventional for nuclear pipework, the pipes are built in such a way that they are intended to leak long before rupture, so a clean rupture would be a rare event.

Comment Re:...hours? (Score 4, Informative) 167

The AP1000 has a number of on-site and internal reserve water tanks, holding close to 1 million gallons of demineralized water.

The plant has several electric pumps capable of transferring water from the bulk tanks to the containment cooling system, which could be connected to portable generators in a serious emergency. The plant also has multiple connection ports for portable pumps allowing water to be transferred into the containment cooling system from the bulk tanks or from fire engines/water tankers.

As the containment cooling tanks are at atmospheric pressure, only low pressure pumps are required, unlike at Fukushima where emergency response teams were trying to use pumps to inject water into the reactors at dozens of atmospheres of pressure.

Comment Re:...hours? (Score 5, Informative) 167

The AP1000 has 72 hours of decay heat removal capability in the event of total loss of onsite power. If no action is taken to replenish cooling water, then decay heat would cause overheating and overpressure of the containment building and require venting of the containment building to the atmosphere. Radioactivity release from such venting is likely to be low unless meltdown or fuel damage has already occurred. Due to the large inventory of water within the containment building, decay heat is unlikely to result in meltdown for many days following the exhaustion of the containment cooling water.

In order to ensure integrity of the containment, additional cold water would need to be pumped into the containment building roof tank within 72 hours. This could be by restoration of the electrical supply, use of diesel powered water pumps held on site, use of portable water pumps held near site, or by use of fire pumps.

The ESBWR which is the main competitor to the AP1000, meets the Gen3+ requirement of 72 hours of decay heat removal without operator intervention. Like the AP1000, no diesel or grid power is necessary to meet this requirement. Like the AP1000, the ESBWR has 2(N+1) redundant UPS systems with 72 hours of battery autonomy for shutdown control and monitoring equipment. However, the ESBWR has a 7 day reserve of cold water for containment cooling. In the event of operator inaction, the UPS batteries will deplete after approximately 72 hours, but passive containment cooling will continue for up to 7 days before water tanks would need to be replenished.

Comment Re:Hack used SQL injection .. (Score 1) 46

Except we're not talking about complex security models such as role-based access, split encryption keys, external audits and pen-tests.

This is the most basic level of security: Failure to validate user input, and the continued use of dynamic SQL statements rather than prepared statements - something which is a trivial code modification.
Storing customers bank/credit card details in the web-facing application database (as opposed to communicating them to a payment application/processor or separate internal system) - something which is just totally inept design

Beyond that, it is clear that they don't make use of good development practice. A quick look at the source for their web site shows stuff like inline CSS, comments all over the place, IFRAMES, etc. All that sort of stuff indicates that they don't have adequate code standards, they are unlikely to be using a version control system, and they have no idea what an XSS vulnerability is.

Finally, it is obvious that the communication between their IT department and CEO is sorely lacking. This is the 3rd time they have been hacked and suffered a major data breach. It is clear that they learned nothing the first 2 occasions. The CEO made a public media statement saying that she did not know if customer details, passwords or banking details were stored in an encrypted form, and did not know how long it would take to find out (it's hard to believe that the CEO could not have asked the CTO, or that the CTO wouldn't know, or be able to find out). Moreover, the advice to customers given via the media has also been incorrect (e.g. Q: How do I know if an e-mail purporting to be from talk talk is genuine? Check the "from" address shown in your e-mail software. If it is genuine it would be a talktalk address.)

Comment Re:Company shouldn't have to pay for relocation (Score 1) 157

I guess it depends on the exhaust system. I've seen several different hospital systems.

One had a 1500 kW generator which was so loud, that you could not walk down the road between the hospital and the generator building without ear protection. It was so loud, that it was painful even with fingers in ears. Even inside the hospital building itself, the generator was so loud that you could not hold a conversation at a normal level of voice - although, it was offices, rather than any medical areas that were most severely affected.

A different hospital had a similar sized generator, but it was so quiet that standing next to the generator building, it just sounded like someone had left an AC unit running. You could smell the diesel exhaust fumes for a good half-mile away though.

Comment Re:Privacy = $9.52 (Score 1) 58

21,000 customer records were sold. The records contained names and addresses, and could be supplied pre-filtered by critera such as age, sex or whether a purchase had been made within the last 12 months. As far as I can tell, the records did not contain purchase history or other medical information. I would have expected the fine to be considerably higher if it had.

The official enforcement notice from the information commissioner can be found at https://ico.org.uk/action-weve...

In short, pharmacy2u required uses to register and provide name, address, DOB, etc. when registering a user account. During registration, there would be a checkbox to indicate consent for their details to be passed on to third parties for marketing purposes. Importantly, the box was pre-checked, so users had to actively opt-out. P2U offered their customer list for sale via an agent, allowing filtered lists (from consenting customers) to suit the client's requirement. 2 of the purchases of the customer list were obvious scammers: a classic postal lottery scam, supplements from a supplement vendor who had already been censured for making false claims. P2U executives had to personally approve the requests for sale of names/addresses. In the case of the sale of the names/addresses of 3000 elderly customers to the lottery scammers, the executive even suggested a change to the scammer's mailshot because it sounded too scammy.

The reason for the fine was based on the fact that the sale of personal data to scammers was not adequately covered by the "consent to share details for marketing purposes", and the consent was dubious anyway due to the opt-out checkbox. Further, the because the P2U customers included vulnerable people, there was a significant risk of financial or medical harm to customers by allowing scammers to obtain the customer list.

Comment Re:Was 200K more or less? (Score 1) 58

The data was sold for £130 per 1,000 names/addresses - so in this case, a total of 21,000 name/address records were sold for about £2700.

In this case, they were only selling a mailing list, and not medical information. However, the reason for the ruling was that customers from pharmacies are more likely than the general public to be vulnerable, for example, being elderly or having dementia; and that the company had not made clear when signing up for an account, that they would sell the data.

Slashdot Top Deals

Were there fewer fools, knaves would starve. - Anonymous