
Comment Those things are still YOUNG! (Score 1) 158

XP, LAMP, 2003 servers, all of those things are spiffy new systems to us. Almost all of my job is trying to get old PDP, MODCOMP and DOS systems into the modern era of things like Windows NT or (Jobs forbid!) linux. Sites with truly aging systems are rarely willing to spend anything like what it would cost to really bring what they have up-to-date and they often have good reasons -- how many security issues do you hear about those aged systems vs [recently] modernized ones?

Of course, it also helps to keep all user interfaces the same as much as possible instead of forcing people to learn something new (are you listening, Microsoft?) That kind of change for its own sake rarely adds value. I've seen really great looking Windows software used on the operators' console at nuclear power plants -- except -- it is only great looking from a couple feet away. If you get farther away the lines being graphed become invisible and the text is too small to read without 20/10 vision. This stuff probably only changed format because some programmer (and marketeer and purchasing agent) thought it looked pretty in demonstrations in a conference room.

Ahem. Sorry, poor human factors in software "upgrades" is a pet peeve of mine.

Comment What about alternative ammo? (Score 1) 698

I wonder if the framers ever conceived of rubber bullets or bean bag guns...

Also, what happens if something like a hand-held electric rail gun is ever developed? It may well be recognizable as a "firearm" to the framers, but it certainly will be using technology which they never dreamed of, and would seem to fall under the category of "electric weapon"... Farther along, there may even be lethal and non-lethal directed energy weapons, also most certainly "electric" (in some sense, at least) -- would they be banned as "electric weapons"?

Lastly, it makes no sense to ban NON-LETHAL weapons, just because the framers did not imagine them. But if that ever comes to pass, everyone who would've bought (or is forced to turn in) a stun gun should immediately get a REAL GUN. I wonder how the folks banning the stun guns would feel about THAT!

Comment Separate Computers & Networks (Score 1) 373

I don't care (much) if my entertainment and navigation system is hackable. But I ABSOLUTELY DO NOT WANT anything to do with the actual operation of my vehicle to be hackable! It seems to me that using two physically separate computers and networks -- one for nav/comm/entertainment and one for vehicle systems -- would be a good start. MONITORING devices could be providing data to both (to allow things like OnStar to detect an accident or to allow the entertainment system display to show vehicle status). However, absolutely ZERO vehicle CONTROL devices should be in any way accessible from the entertainment computer/network.

I write software for nuclear power plants where we have several physically separate networks and computer systems, with the most secure systems only streaming data outward towards the less secure systems. The most secure systems have no external inputs or connections at all -- as the vehicle control system should be (even the diagnostic port(s) should be in an area locked by one of the vehicle's physical keys). The less secure systems have no access to any sort of control function so that, in the event of compromise, the worst that can happen is capture and possibly inaccurate display of aggregated data (operators still verify unexpected computer readings with physical instruments before controlling the reactor). The secure system needs nothing from the less secure system(s) and, if the data rate is not too high, could even stream its outgoing data using a TWO WIRE serial connection that does not even have the return signal connected!

If they care, the automotive industry could easily do these things to protect control systems. The fact that they don't bother shows just how much they value profits over human lives.

Comment Re:Not surprised (Score 2) 34

As for power plants, most of them (if not all) are still operated manually using hard buttons. The only connection there is to the plant is connection to the monitoring of sensors.

That is becoming less and less true as hardware and software evolves and possibly as industry's comfort level increases. I'm not sure that is a good thing, but I've worked with some systems that have software that could potentially trigger plant trip if the software determines that a dangerous enough condition exists. That is probably a good thing -- unless someone is dumb enough to connect that software to a network and allow it to automatically update.

After all, none of us have ever had an operating system update cause any troubles at all, right? ;-)

Comment Inconceivable! (Score 5, Insightful) 34

Any company that has a SCADA system that is allowed to automatically install any sort of update needs new management. I write software for industrial SCADA systems (many of them nuclear, but some not) and absolutely NONE of them have any form of automatic update enabled. That goes for the operating system platform, even anti-virus packages (when they are used) must be manually updated after the update has been tested in a sandbox lab system. Even a well-intentioned update may disrupt a SCADA system's operation, so why would anyone in their right mind allow a SCADA system or the operating system it runs on, or any other software running on the same machine automatically update itself? Sorry, but that's just insane. At best, SCADA systems should have a one-way data flow (preferably on a serial link with the receive line physically CUT) but none of them should accept input from outside their physically controlled environments.

Except for toys and things like that.
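Added example, not part of the original comments: the one-way serial link described in "Separate Computers & Networks" and "Inconceivable!" leaves the receiving side with no way to acknowledge or request a resend, so the stream itself has to make loss and corruption visible. The frame layout, `encode_frame`, `DiodeReceiver` and the sample readings are assumptions constructed for this sketch, not any plant's or vendor's protocol.

```python
import struct
import zlib

# Constructed frame layout (an assumption): marker | seq | length | payload | CRC32
MAGIC, HEADER, MAX_PAYLOAD = b"\xa5\x5a", struct.Struct(">2sIH"), 256
def encode_frame(seq, payload):
    # Sender: no ACK ever comes back, so each frame carries its own seq and CRC.
    head = HEADER.pack(MAGIC, seq, len(payload))
    return head + payload + struct.pack(">I", zlib.crc32(head + payload))

class DiodeReceiver:
    # Receive-only side: it cannot ask for a resend, so it must detect loss itself.
    def __init__(self):
        self.buf, self.expected = bytearray(), None  # stream buffer, next seq due
        self.gaps, self.corrupt = [], 0  # (expected, received) gaps, rejected frames
    def feed(self, data):
        self.buf += data
        frames = []
        while True:
            start = self.buf.find(MAGIC)
            if start < 0:
                del self.buf[:-1]  # keep one byte: the marker may be split
                break
            del self.buf[:start]
            if len(self.buf) < HEADER.size:
                break
            _, seq, length = HEADER.unpack_from(self.buf)
            end = HEADER.size + length + 4
            if length <= MAX_PAYLOAD and len(self.buf) < end:
                break  # wait for the rest of the frame
            body, crc = self.buf[:end - 4], self.buf[end - 4:end]
            if length > MAX_PAYLOAD or struct.pack(">I", zlib.crc32(body)) != crc:
                self.corrupt += 1
                del self.buf[:1]  # drop the marker byte and hunt for the next frame
                continue
            if self.expected is not None and seq != self.expected:
                self.gaps.append((self.expected, seq))
            self.expected = (seq + 1) & 0xFFFFFFFF
            frames.append((seq, bytes(body[HEADER.size:])))
            del self.buf[:end]
        return frames

def demo():
    # Constructed sample: three readings, frame 1 damaged, fed in 5-byte chunks.
    wire = bytearray(b"".join(map(encode_frame, range(3), (b"T=291.4", b"P=15.2", b"F=0.98"))))
    wire[28] ^= 0xFF  # flip one payload byte inside frame 1
    rx = DiodeReceiver()
    got = [f for i in range(0, len(wire), 5) for f in rx.feed(wire[i:i + 5])]
    return got, rx.gaps, rx.corrupt
```

The receiver on the less secure side can only log the gap and flag the displayed value as stale; nothing it does reaches back across the link.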

Comment Bad Geography (Score 2) 47

Full disclosure: I lived at Patrick AFB in the 1980s, in Cape Canaveral for the 1990s and have lived in Rockledge (20 mi South of Titusville) since 2000. But I don't work in the space industry.

Apparently the author of the linked article can't read a map (or GPS). Titusville is just over 9 (yes, NINE) miles DUE WEST of the VAB and just over 10 miles North-West of the main cluster of NASA admin and misc buildings. Titusville is only 20 miles NW of the waters outside Port Canaveral.

As for the reduction in unemployment from about ~13% to ~6%, it appears to be almost entirely from population loss rather than any form of job growth. One of the ex-NASA folks I was talking to believes that the private space companies are bad for the area because they bring their own people from out-of-town to work their launches instead of hiring experienced locals. I don't know if that's true, but everyone else I ever knew that worked at the space center moved away after everything shut down.

Comment Vanishingly Small Portion Stolen? (Score 1) 622

I have zero data to back this up, but...

I believe that a much larger portion of the pictures shared through/stored on the types of services that were breached are stolen. The thing is, most of them are innocuous and/or of non-famous people so they are discarded and/or not reported by the news outlets. I suppose if an underage kid took some nude selfies that got shared AND someone who recognized the kid saw them, then they MIGHT report it, IF they weren't too embarrassed about where they found 'em!

Comment With so many streets *NOT* done yet... (Score 1) 40

...Google has apparently decided to abandon parts of the world that they find boring in favor of exotic locales.

For example, Google covered most of the primary and a few of the secondary roads in South-Eastern New England. Then they stopped. YEARS ago. I can see every back alley and dirt road in some parts of the world, but nothing except satellite views of places where I grew up (SE New England.) I know New England can be boring, but it is at least as much a part of Google's home country as San Francisco, so why is it so neglected in Google Street View?

I love the exotic locales in Street View, too, but sometimes I just want to show people what the places I grew up looked like.

Comment Re:Avionics (Score 1) 369

Thank you. My contention has always been that, if these devices had ANY possibility of affecting aircraft systems, then the "BAD GUYS" would obviously be ignoring the rules and not only leaving them on, but programming them to screw up aircraft. Frankly, I don't believe the "BAD GUYS" are as stupid as the people propagating this malarkey. Though the "BAD GUYS" might be trying to design purpose built devices that look enough like cell phones, laptops, etc. so that they could be smuggled onto an aircraft and "affect it."

If any of these devices are capable of affecting aircraft systems then NONE OF THEM should EVER be allowed on a plane. (And no plane so susceptible to outside RF should be allowed to fly, either.)

Comment Re:Like houses??? WTF?? (Score 1) 432

If we're looking for truly robust designs, shouldn't software engineering be like spacecraft engineering? Or at least like the engineering done to build things like the SR-71? Automotive engineering is a MUCH better analogy than home building, but there are an awful lot of BAD vehicles not only designed, but actually built, sold and on the roads.

Comment Re:not worse (Score 1) 89

SCADA systems don't need to be on the internet to get infected. I thought I read that Stuxnet got in via USB drive. If a SCADA system's software is EVER updated/enhanced and/or there is any way to load new software to it, then it can be infected. The infection may require a human agent to infiltrate a facility and physically access a machine, but if there's a network then that only needs to be done once.
