Comment: Mysterious "Aurora" attack not so mysterious.

by Animats (#47417787) Attached to: DHS Mistakenly Releases 840 Pages of Critical Infrastructure Documents

There's nothing mysterious about this. The problem is that if someone gets control of circuit breakers for large rotating equipment, they may be able to disconnect it, let it get out of sync, and reconnect it. This causes huge stresses on motor and generator windings and may damage larger equipment. This is a classic problem in AC electrical systems. A more technical analysis of the Aurora vulnerability is here.

The attack involves taking over control of a power breaker in the transmission system, one that isn't protected by a device that checks for an in-phase condition. Breakers that are intended to be used during synchronization (such as the ones nearest generators) have such protections, but not all breakers do.

Protective relaying in power systems is complicated, because big transient events occur now and then. A lightning strike is a normal event in transmission systems. The system can tolerate many disruptive events, and you don't want to shut everything down and go to full blackout because the fault detection is overly sensitive. A big inductive load joining the grid looks much like an Aurora attack for the first cycle or two.

There's a problem with someone reprogramming the setpoints on protective relays. This is the classic "let's make it remotely updatable" problem. It's so much easier today to make things remotely updatable than to send someone to adjust a setting. The Aurora attack requires some of this. There's a lot to be said for hard-wired limits that can't be updated remotely, such as "reclosing beyond 20 degrees of phase error is not allowed, no matter what parameters are downloaded."
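
The hard-wired limit described in the comment above, sketched as an added example (not part of the original comment and not any vendor's relay firmware): a sync-check close permissive in which a downloaded setting can tighten the phase-error window but never widen it past a build-time ceiling. The struct, the function names and the settings model are assumptions; the 20-degree figure is the comment's.

```c
#include <stdbool.h>
#include <stdio.h>

/* Build-time ceiling; no downloaded parameter can raise it (20 degrees is the comment's figure). */
#define HARD_MAX_PHASE_ERR_DEG 20.0

/* Remotely updatable settings (hypothetical layout). */
struct sync_settings {
    double max_phase_err_deg;
};

/* True only for finite angles in a sane range; NaN and infinity fail the comparisons. */
static bool angle_valid(double a) { return a >= -360.0 && a <= 360.0; }

/* Signed phase difference wrapped into [-180, 180). Inputs must pass angle_valid. */
static double phase_error_deg(double bus_deg, double line_deg) {
    double d = bus_deg - line_deg;
    while (d >= 180.0) d -= 360.0;
    while (d < -180.0) d += 360.0;
    return d;
}

/* A downloaded limit may tighten the window, never widen it. NaN or negative gives 0 (most restrictive). */
static double effective_limit_deg(const struct sync_settings *s) {
    double v = s->max_phase_err_deg;
    if (!(v >= 0.0)) return 0.0;
    return v > HARD_MAX_PHASE_ERR_DEG ? HARD_MAX_PHASE_ERR_DEG : v;
}

/* Close permissive: deny on bad measurements or on phase error beyond the effective limit. */
static bool close_permitted(const struct sync_settings *s, double bus_deg, double line_deg) {
    if (!angle_valid(bus_deg) || !angle_valid(line_deg)) return false;
    double e = phase_error_deg(bus_deg, line_deg);
    if (e < 0.0) e = -e;
    return e <= effective_limit_deg(s);
}

int main(void) {
    struct sync_settings tampered = { 90.0 };  /* constructed: setpoint pushed past the ceiling */
    printf("effective limit: %.1f deg\n", effective_limit_deg(&tampered));
    printf("close at 25 deg error: %s\n", close_permitted(&tampered, 25.0, 0.0) ? "permit" : "deny");
    printf("close at 10 deg error: %s\n", close_permitted(&tampered, 355.0, 5.0) ? "permit" : "deny");
    return 0;
}
```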

Comment: Web programming sucks.

by Animats (#47417227) Attached to: Normal Humans Effectively Excluded From Developing Software

Ignoring the racist whining, he has a point. Web programming really sucks. Even web design sucks.

HTML started as a straightforward declarative layout language. Remember Dreamweaver? Macromedia's WYSIWYG editor for web pages. It was like using a word processor. You laid out a page, and it generated the page in HTML. It understood HTML, and you could read the page back in and edit it. Very straightforward. You didn't even have to look at the HTML. Back then, Netscape Navigator came with an HTML editor, too.

Then came CSS. DIV with float and clear as a primary formatting tool (a 1D concept and a huge step backwards from 2D tables), JavaScript to patch the formatting problems of CSS, absolute positioning, JavaScript to manage absolute positioning... The reaction to this mess was to layer "content management systems" on top of HTML, introducing another level of complexity and security holes. (WordPress template attacks...)

It's as bad, if not worse, on the back end. No need to go into the details.

All this is being dumped on programmers, with the demand for "full-stack developers" who understand all the layers. Cheap full-stack developers. Usually for rather banal web sites.

Not only is this stuff unreasonably hard, it's boring. It's a turn-off for anyone with a life.

Comment: Being a quant in the early years.

by Animats (#47413241) Attached to: The Billionaire Mathematician

His fund has an impressive trading record. He had the big advantage of starting early, in 1982, when almost nobody was doing automated trading or using advanced statistical methods. Their best years were 1982-1999. Now everybody grinds on vast amounts of data, and it's much tougher to find an edge. Performance for the last few years has been very poor, below the S&P 500. That's before fees.

The fees on his funds are insane. 5% of capital each year, and 45% of profits. Most hedge funds charge 2% and 20%, and even that's starting to slip due to competitive pressure.

Simons retired in 2009. You have to know when to quit.

