
Comment Re:Retards (Score 2) 56

Heck, it's also useful if you can connect to control it even when weather conditions make it too hazardous to travel on-site

Operators have worked shifts that last longer than a day. If a storm is coming in, very often the power company will put a second set of operators up in a hotel within walking distance (often just a couple hundred meters) so that they can rotate people in and out as needed. This would also hold for having a second set of operators at the backup site as well, so there would be 4 sets of operators ready to go in these cases.

[1] You could do that with suitable VPNing over the public internet. That way you benefit from its extensive reach, its cheap price, its resilience, the rapid repair time that ISPs offer. All you need to build is a network connection from each of your grid nodes to the nearest internet.

Not done in the US and not allowed by regulation.

[2] Or you could do it with dedicated leased lines that aren't part of the internet. You'll pay a heck of a lot more, and loads of grid nodes won't have convenient connection.

This is done but usually only between main and backup control centers.

[3] Or you could put up your own network. (You're a power-grid so you're used to putting up networks!) But this isn't your core competence, will suffer from longer outages, and will be most expensive

How do you think they are currently getting the data from substations and other devices? It isn't like DNP, Modbus, and ICCP haven't been around for ages and run just fine over the old serial connections that the power companies put in originally. Often they now have serial-to-Ethernet aggregators and then run just one line back, but the power companies do know how to do this and do it well. For added redundancy you can also have a microwave link from substations back to the control center, which is often the case.

Bear in mind that every subcontractor who prepares a bid using the public internet will produce a *LOWER* bid with *INCREASED* functionality. The only way that a higher-priced bid will ever win is if they somehow demonstrate that the downside costs (in terms of expected cost of future hacks) will be significantly larger than the higher upfront bid. And any such attempted demonstration would be instantly met by the answer "why not use just a secure VPN to get best robustness at the cheapest price?"

Yes a contractor could bid that and it may appeal to some of the dumber upper management at a grid operator. The problem is that there are smart people and regulations that would very quickly stamp that dumbness into the dirt. Bring up that doing so is a NERC CIP violation and carries a $1,000,000/day fine and you are talking real money real fast.

So I think that infrastructure like this *can* and *should* be connected to the internet.

Then it is a good thing that you don't work in that industry as that statement proves. You would have had that drilled out of you in your first NERC CIP annual training.

Comment Re:Credit card chargeback. (Score 1) 88

Between my wife and myself we have done a total of 2 in our lives. I find that there are only a few companies that need the screws put to them but the ones that do really need it. Like when I ended up taking an insurance company to small claims court for the fair market value of a totaled vehicle after trying to resolve it out of court for 6 months as the car sat in storage, paid for by the insurance company. The judge ended up excoriating them for not settling as I presented overwhelming evidence of the fair market value beyond just the KBB and NADA guide value and that their valuation was extremely dodgy as they were triple deducting things and using dissimilar vehicles. It isn't like I was even asking for some silly amount as KBB and NADA valued the car at $3100 and $3150 but insurance was only offering $1200. Then there was the collections agency that screwed the pooch and tried to collect a debt from me where only the person's first name matched mine.

Comment Re:Retards (Score 2) 56

You'd probably be surprised just HOW vulnerable most of the world's critical infrastructure really is.

Concerning power grids, no I wouldn't, and people in the US and Canada would actually be surprised how well protected the bulk electrical system is here when compared to what is reported. Even small operators like to follow the security requirements that the large ones have to, even if they don't, as it does allow them to say that they are following the industry best practices, which is a good CYA from lawsuits. Other countries are a different story and vary greatly, but even those who hadn't cared much before are coming around after the Dec. 23, 2015 hack of the Ukrainian grid caused a lot of European companies to collectively shit themselves.

I'll just leave a few things here for you. In the US and Canada those are either the regulations for cyber security of our power grid or specific requirements being written into contracts for new control systems for our power grid. All of them have to follow NERC CIP, with the other 2 being optional but widely used as a CYA. The Europeans do not have such requirements and it varies from country to country, but for those that do have regulations, they are often very far behind even previous versions of NERC CIP. That is not to say that those make you secure, but they do offer a good start, and following any one of those documents would provide more security than the preferred PCI DSS standard that everyone outside of power grid world thinks is great and the be all end all.

Comment Re:Credit card chargeback. (Score 1) 88

Sounds like how we ended up canceling our newspaper subscription a couple of months ago. I wonder if most people just don't know about chargebacks so companies think they can just fuck over people and get away with it most of the time or if they just assume most people will just take it. Because of the ability to issue a chargeback and other protections I try to run everything I can through my credit card. It gets paid off in full, current outstanding balance not just previous statement balance, each month so it isn't like it costs me anything to use it.

Comment Re:It's about landmass (Score 3, Interesting) 458

Use cases like yours and mine, where I have a lake property 2.25 hours away that I have to tow stuff to and there isn't electricity on site, are not something EVs can meet now. In the future maybe, but then we are a limited few. That said, you have people like my wife, who 90% of the time drives 5 miles a day and the rest of the time drives at most 60 miles a day, who can get by with an EV without issue. My mother, step dad, step mom, sister, mother-in-law, and father-in-law could have their entire driving needs met by just about any EV available now (maybe not the Volt without it going to gas mode). So in my immediate family it is only myself, my father, and my brother-in-law who can't meet all our vehicle needs with an EV. Even then my father would only need a non-EV to tow his race car to tracks, as he doesn't have a long commute and everything he needs is close by otherwise. So that leaves myself, with my 64 mile daily commute plus whatever else I have to do that day, and my brother-in-law, who fixes commercial restaurant equipment and drives from job to job in a big ass van all day.

Comment Re:Thanks, Obama! (Score 1) 205

The Mona Lisa and the Venus de Milo were really the only spots where there really was a shit ton of people, so while I walked by them and "saw" them it was hard to appreciate them because of the number of people. My favorite painting in the Louvre is The Virgin of the Rocks, and like most of the other paintings and art, all that there is is the velvet rope to keep people away. The thought of how much trouble I would get in if I touched it did cross my mind. If one really wanted to get away from people there is always the early Christian section. The Louvre is a wonderful museum to go to, but if all you want to do is see the Mona Lisa or Venus de Milo, don't bother. It is truly huge, so even if there are a lot of people they are spread out there. I took 2 days open to close to check things out, and those were hot humid days, as the Louvre has air conditioning unlike a lot of buildings in Paris. I lived there at the time so I could afford to take my time at places. Also I highly recommend seeing the Bastille Day parade down the Champs-Élysées and then fireworks at Champ de Mars. If you are into military history I would highly recommend going to Hôtel des Invalides. Instead, if one wants to nerd out, there is always Musée des Arts et Métiers.

Comment Re:Conservatives need to realize cheating occurs (Score 1) 125

I don't believe the neighbors up at my lake place have AC, but then in the summer when it gets oppressively hot and humid (I've been up there when the dew point was in the upper 70s and 80s) the thing to do is go out into the lake and sit in an innertube over the nice cool spring that feeds the lake and just fish and/or drink. There is a nice breeze that comes off the lake most of the time that goes right into our properties as well. A good wood stove + fan can and does provide a lot of heat. As I will be using my property as a recreational one I won't need AC, but a couple of ceiling fans, lights, fridge, microwave, hotplate, toaster oven for the electrical things. I would plan on having a nice wood stove for heat up there since that would just make sense given the fuel is free up there.

Comment Re:Encryption (Score 2) 205

While quantum computers screw over RSA and other asymmetric key crypto systems based off of the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem, they just substantially speed up symmetric key. The speed up of symmetric key crypto systems is substantial, but all you need is to double the key length. So a 512-bit key in a real quantum computer world would be as strong as a 256-bit key in our current classical computer world. Also the reason all of the AES competitors had 256-bit keys is because NIST had the good sense to think that quantum computers would become viable within the lifetime of the AES standard and wanted something that still provided the same security as 128-bit keys in a classical computer world. By the way, it would take a sizeable portion of the total US annual consumption to just cycle through a 128-bit key on an ideal computer, so we are already at a hand waving level of silly at that level.

If you mean asymmetric key systems there are replacements but I am not familiar with the math behind them so I can't really comment intelligently on them.

Comment Re:Encryption (Score 2) 205

Unless they have a machine that is made of something other than matter and occupies something other than space I'm not too worried about them cracking modern 256-bit symmetric key encryption. Even on an ideal quantum computer using Grover's Algorithm they would still need to use a sizeable fraction of the US's total annual energy consumption. This however is on ideal computers running at the temperature of the cosmic background radiation, so in reality they would require several orders of magnitude more energy. To put things in perspective, here are Bruce Schneier's comments on the hard limits of breaking symmetric key encryption:

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10^-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2 K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

So go and see what the best break for a modern symmetric crypto system is and see where it falls on the above description.
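The counter sizes in the quoted passage, and the key-length doubling described for Grover's algorithm, can be re-derived from the constants given above. The following Python is an added example, not part of the original comments or of Schneier's text; the function names are hypothetical, and charging exactly one bit change per key tried is an assumption that makes every figure a floor, not an estimate.

```python
import math

# Constants exactly as quoted in the passage above (CGS units).
K_BOLTZMANN_ERG_PER_K = 1.38e-16
T_AMBIENT_K = 3.2
SUN_ANNUAL_OUTPUT_ERG = 1.21e41


def bit_change_energy_erg(temp_k=T_AMBIENT_K):
    """Minimum energy kT to set or clear one bit at temp_k."""
    return K_BOLTZMANN_ERG_PER_K * temp_k


def max_counter_bits(energy_erg, temp_k=T_AMBIENT_K):
    """Largest n such that 2**n single-bit changes fit in energy_erg."""
    changes = energy_erg / bit_change_energy_erg(temp_k)
    return math.floor(math.log2(changes))


def grover_work_bits(key_bits):
    """Grover search over an n-bit key space takes about 2**(n/2) steps."""
    return key_bits // 2


def solar_years_for(work_bits, temp_k=T_AMBIENT_K):
    """Years of total solar output needed for 2**work_bits bit changes.

    Assumption: one bit change per step, so this is a lower bound.
    """
    energy = (2.0 ** work_bits) * bit_change_energy_erg(temp_k)
    return energy / SUN_ANNUAL_OUTPUT_ERG


def summarize(key_sizes=(128, 256, 512)):
    """Per key size: classical and Grover exponents, and classical floor."""
    return [
        {
            "key_bits": n,
            "classical_work_bits": n,
            "grover_work_bits": grover_work_bits(n),
            "solar_years_classical": solar_years_for(n),
        }
        for n in key_sizes
    ]


if __name__ == "__main__":
    print("kT per bit change (erg):", bit_change_energy_erg())
    print("1 year of sun  ->", max_counter_bits(SUN_ANNUAL_OUTPUT_ERG), "bits")
    print("32 years of sun ->", max_counter_bits(32 * SUN_ANNUAL_OUTPUT_ERG), "bits")
    for row in summarize():
        print(row)
```
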
