Forgot your password?

Comment: Re:Series hybrids (Score 2) 239

by M0HCN (#46086365) Attached to: Nissan Unveils 88 Pound 400-HP Race Car Engine

The problem with gas turbines is that small ones are not noted for efficiency (It has to do with the engineering tolerences of the compressor blade tip clearance among other things), and the bearings generally dislike the imposed accelerations when a high performance road car turns hard (Extreme gyroscopic loads). An electric drive chain with some secondary storage would however somewhat reduce the problems with horrible throttle response inherent in needing to get the mass flow up in sync with the extra fuel.

In the few hundred KW class petrol (if weight matters) or diesel (if it matters less) is the way to go.

Rover cars experimented with small turbines back in the 60's, unfortunately the problems they found have not gone away.

Regards, Dan.

Comment: Re:Article completely misquotes NYT (Score 4, Informative) 233

by M0HCN (#46037947) Attached to: Ukrainian Protesters Receive Mass Text Message Ordering Them To Disperse

OpenBTS, some SDR boards, a bulding overlooking the site, total cost maybe $5K or so and a week or so of codesmithing.

The trick is to jam the 3 and 4G services so as to force the phones to fall back on basic GSM with its notoriously broken authentication and crypto. For someone who can afford a handful of Ettus research products this is not a big deal to pull off.

Of course the other trick is to not get caught by the powers that be, unless of course you are the powers that be....

73 Dan.

Comment: Re:Some of them expose to the internet via VNC... (Score 1) 195

by M0HCN (#45933099) Attached to: Hackers Gain "Full Control" of Critical SCADA Systems

Yea honeypots can be amusing to run sometimes.
The scary thing is that I suspect that some of them are real, and for a state actor the honeypots are not a big deal!

Exploits are rare for three reasons, firstly there is little profit to be had as a non state actor, no obvious oppertunity to profit in a way that doesn't attract a drone strike, secondly to actually do anything really interesting with these systems requires a level of familiarity with the tools and languages which is rare enough that these systems are seldom the low hanging fruit for script kiddies, thirdly nobody is going to fess up in public to having had their chemical plant hacked, the regulators response would be a nightmare.

Regards, Dan.

Comment: Re:Why the hell (Score 2) 195

by M0HCN (#45932795) Attached to: Hackers Gain "Full Control" of Critical SCADA Systems

Security/convinience tradeoff? You try explaining that to a building contractor sometime!

As to the interfacing, it depends, sometimes it is a direct link to the plc, sometimes the plc talks CAN or RS485 or such to a windows xp box which runs a web gateway... I personally think the first option is likely more secure, especially when the machine in the corner of the plant room is found by the local security guard to be a good place to browse porn sites and download videos on the night shift (It happened, and I bet we were not the first, I found out when we got a phone call from the ISP about something on our network abusing port 25 outbound).

Generally security is not mentioned in the contracts for the installation of this stuff, and is at best an afterthought by non specialist developers, the effectiveness of this is left as an excersize for the reader.

Note also that the support contract with the installer often specifies that no software is to be installed on the user control computer except by their engineers (Who might come out once a year and then forget to do it) and this includes updates for security fixes.

73 Dan.

Comment: Re:Why the hell (Score 3, Insightful) 195

by M0HCN (#45932491) Attached to: Hackers Gain "Full Control" of Critical SCADA Systems

Because actually it is really very operationally useful, and USEFUL in normal use trumps security EVERY SINGLE TIME.

Consider someting simple like a public building heating control system, this is probably a modest PLC from the usual suspects, now if I am the poor sap in charge of the building systems (Nightmare, been there, done that), and the thing alarms at say 2100 on my day off, I have a choice:
I can go in and clear the (often but not always) unimportant problem, takes me an hour to get there and I was on my way in to see a show when it went off, or I can log in over the internet from my phone, see that the problem is that the number two AHU intake filter is showing high backpressure, clear the alarm and make a mental note to replace the filter next time I am in.
Same thing if the office phone up wanting me to change the setpoint on the air in the art gallery because some conceptual art is made of butter and is tending to melt (I kid you not, really happened).

Remote access to these systems is USEFUL, and nobody considers security until it bites them.

Further plant engineers still think in terms of 'ladder logic' which is essentially logic consisting conceptually of relays and coils and the connections between them, they are not by and large networking folk, and plugging the plc into a port on the external side of the firewall makes everything work where plugging it in inside the firewall makes the remote control not work properly....

Regards, Dan.

Comment: Re:These issues have been flagged for 10 years (Score 1) 195

by M0HCN (#45932371) Attached to: Hackers Gain "Full Control" of Critical SCADA Systems

Most of these things can be taken to at least a semi manual mode of operation (It might require more people out on the floor manually tweaking things) but I suspect that most of these systems are actually simple enough on a local level that a good tech team with screwdrivers and set of schematics can fairly quickly get the PLCs out of circuit and some switches and pots and meters wired in (Most systems have switches on things like pumps and switchgear labelled along the lines of auto-off-manual already), worst case a laptop, a can card and use canoe or canalyser to talk to the valves and inverters directly.

Doing this does of course then depend upon having enough process engineers who really understand the plant to be able to run it with a board full of switches (and few if any interlocks) rather then letting the computer handle the details, this is probably the real issue as keeping such people on staff is expensive and is the reason you went heavily computerised in the first place. Getting management signoff could also be a problem, boards with billion pound assets like to hire consultants before letting the local on site guy fiddle with the flow rates and heat levels on the refinery heavy oil cracker without any interlocks.

There are of course systems that need the computer support, but even things like power stations (yes, even the nuclear ones) actually do not strictly need it, for all that bringing a set on line without it may require getting some people out of retirement to demonstrate the trick to it, and running without the computers would probably require emergency permission to violate all sorts of regs.

Damaging? Of course.
Disaster? Only if you cannot find the people who can deal with the loss of PLC support or if the attack causes the PLCs to damage the plant before the humans can step in.

The other major issue here is that while the scada controls may be more or less homogenous (Lots off Simens stuff out there) the systems they are controlling are anything but so a broad attack would probably be able to take the automation off line or change set points at random, but you could not easily write an attack to say cause the grid frequency to try to rise to 400hz, because there are far too many variations in the physical connections between the PLCs and the rest of the plants out there.

The scary thought is that it is not an attack on the SCADA running the pumps and power that would be really damaging so much as one of the machines running say the stock exchanges, repairs to some damaged pipes, boilers and transformers might take a few years and cost a few billion, repairs to the confidence in the financial system after some banker has diddled the risk models to ignore the sub prime lending risks.......

Regards, Dan.

Comment: Some of them expose to the internet via VNC... (Score 5, Informative) 195

by M0HCN (#45932183) Attached to: Hackers Gain "Full Control" of Critical SCADA Systems

At 30C3 someone ran a portscan on the VNC port of the entire IPv4 internet, with 'interesting' results, highlights of which included a swimming pool chemical dosing control system, various power generation and control systems, building environmental control systems, air handlers, all sorts of wild and whacky things, some of them lacking in even the rudiments of passwords never mind proper crypto....

The best one looked to me like a medium voltage distribution cabinet where the setpoints on the overload trips looked like they could be reconfigured from the internet!

Ahh the things you can do in reasonable time with a 100Gb/s of bandwidth, the rsulting slides at the closing event (which is where I ran across it) were very, very scary.

SCADA on the internet is a really, really bad thing.

73 M0HCN. :wq

Comment: The CCC have history with over hyped biometrics (Score 2) 481

by M0HCN (#44919789) Attached to: CCC Says Apple iPhone 5S TouchID Broken

As the German interior minister Wolfgang Schäuble discovered in 2008 when he got all hot for biometric ID cards, the CCC lifted his prints and published the required data as well as a latex print in a little bag in the magazine... The idea went away.

I would be inclined to believe the CCC in this matter, they have form for calling out over hyped biometrics.

Regards, Dan.

Comment: Re:Holy EMF Batman? (Score 5, Interesting) 242

by M0HCN (#44813547) Attached to: Wireless Charging Start-Up Claims 30-Foot Radius

Well many homes already posess a 2.4GHz ISM band field generator, a few minor modification to the door interlock any you have just saved yourself $100.....

The trouble with shrinking this sort of thing is that it moves you from a near field situation, where coupling is largely magnetic, to a far field one where coupling is electromagnetic (Yes I know they both are really electromagnetic, bear with me), and that raises interesting questions of physics, and also of local power density close to the transmitter.

Now, there is also the health physics questions which for a non ionising EM field at 2.4Ghz come down to considering thermal effects. At 2.4Ghz this largely comes down to thermal effects in the skin and other surface layers (2.4GHz is used in microwave ovens for a reason, water has an absorbtion band there), the surface layer that **REALLY** matters in this is the eye! A few watts per square metre power flux density is probably not too much of a problem, much more might be.

I smell a startup about to try for some more funding!

73 M0HCN.

Comment: Re:I'm sure there is a drought in space joke somew (Score 5, Interesting) 103

by M0HCN (#44280095) Attached to: Tiny Ion Engine Runs On Water

Thats true, but the issue in a cubesat is going to be all about total propellant mass fraction (The fraction of the vehicle mass at launch made of of stuff you can sling out the back at high speed), so while Xe is a better reaction mass if you have the space for the tank, it may well be that in this particular use case the higher storage density (and thus the ability to fit more of it into a tiny tank) actually trumps the heavier ion.

Space propulsion is all about propellant mass fraction and exhaust velocity, as those two numbers define how much delta V you can get out of your available fuel.

The problem with light ions in this situation is that the momentum transferred is simply the product of exhaust mass and exhaust velocity, the energy required to produce that exhaust velocity is 1/2 mv^2, thus a heavier ion travelling more slowly requires less energy input to the accelerator for a given amount of momentum transfer then a light ion moving fast.

However if you have surplus electrical power, and are not too concerned about producing large accelerations (even by ion drive standards), and can solve the corrosion and thermal management problems, it might actually be a reasonable tradeoff.

All space propulsion is tradeoffs between energy/reaction mass/specific impulse/acceleration, there are no really right answers here, and having another validated tool in the box is always going to be useful.

Comment: Hogging (Score 5, Insightful) 361

by M0HCN (#44266503) Attached to: Container Ship Breaks In Two, Sinks

It looks to me more likely the problem was excessive weight at the bow and stern rather then midships, the effect is called hogging and is a known way to snap a container ship (or oil tanker) in half, both have occured in the past.
Basically the keel (The BIG beam running all the way from bow to stern down the bottom of the hull) can only take so much sheer stress and if the weight distribution does not match the localised boyancy implied by the current displacement you can very easily bend the ship.

If and how it came to be loaded that way will be one of the things on the investigators list.

There is of course software used to look at this stuff but it cannot realistically be run on the dock during a very tight turnaround, so the declared weights are used as the only data available in advance of starting loading. Not only does that mess of linear algebra have to give a fully loaded ship with the centre of mass and moment of inertia in the right regions (Important for stability and handling), it must also ensure that the total cargo mass per linear meter is roughly the same as the boyancy of that meter of wetted hull at all times during the loading.

Further shippers will sometimes pay a premium for say not having a can of high value goods put in a corner on top of a stack where it is somewhat more likely to be lost, and some of those cans may be 'reefers' (Refridgerated containers) requiring both power and ventilation to remove waste heat, the problem swiftly becomes complex, doubly so as the ports stacking order also feeds into this if you want loading to go smoothly.

A nasty accident, but nobody died, and the hull and cargo will have been insured, so a better outcome then is sometimes the case.

Hope that explains why it is not just about total weight.

Wasn't there something about a PASCAL programmer knowing the value of everything and the Wirth of nothing?