
Comment Re:Not a surprise (Score 1) 270

It starts with non-religious elite private schools. If your family can afford college level tuition for a K-12 education, there's a tacit agreement that one of the elite universities will have a spot for you. (Seriously, one school near us charges almost $40K for grade school tuition, but it's in the top 15 or so among elite boarding schools.) If you can get into and graduate from a Harvard, Yale, Princeton or similar, the school and its alumni network will not let you fail.

I've noticed something along this line as well having gotten to know one of my son's friends and his family over the last year or so. From outwards appearances he fits the stereotype of the black kid who is destined to fail. His mom, baby sister, himself, and a couple of cousins live at grandma's house, little sister has a different father than him, and neither dad is around. In actuality he is a really smart kid but hasn't been afforded many opportunities to learn anything other than what is taught at public school. Even comparing him to my kids there was a huge difference as mine have things like music lessons and have a bunch of people who can teach them all sorts of things and take them all sorts of places even if we are not the private tutors and elite school type my kids had a lot more opportunities than he did.

I first met him when his grandmother came over because I was taking a class with her and she wanted me to help her with her class project and he came along. To keep him busy for a while I handed him a planetary gear system similar to that in a car's automatic transmission I built out of legos to show my kids how one works and told my oldest to help him figure out how it works if he gets stuck figuring that it would keep him occupied for a while. That only lasted about 10 minutes before he had a good idea of what was going on and wanted something else so I went and found a lego mechanical clock I had made as well to show my kids how things work for him to figure out. It isn't that mom or grandma didn't want him to not learn things it was just they lacked the knowledge of even how to expose him to things.

Fast forward about a year now and he has gotten involved in cub scouts which exposes him to a bunch of new stuff, likes to come over to be with my oldest and do things he otherwise wouldn't that really are sneaky ways to educate them, and has someone who he can ask about math and science. He is doing better in school and has been placed in the advanced group or regular group instead of the low or regular one and has found that he has an interest in mechanical things. Even last night when he was over finishing his pinewood derby car he got to learn something when we went to test it, find a piece of masonite to lean up against a wall in the basement for it to roll down and then across the floor, and I pushed some wheels into a block of wood that I quickly hollowed out and raced them as we made changes to the block of wood. Now I could show him how putting different amounts of weight in the car affected how fast it would reach the other side of the basement. Showed him that putting the weight in a different spot affects it and how aerodynamics also affects it. Stealth learning at its best and seems to work well with boys.

Comment Re: Scanning (Score 1) 86

When the document is created / filed. Yes, you could create a fake document at that time, but if you're in a position to do that, then you're probably in a position to simply make the file disappear instead. Which you would actually have to do anyway to hide your fakery, or there would be both a real and fake version sitting in the files. (I am of course assuming any such tampering would be done by corrupt individuals or subsets of the agency, rather than being accepted policy agency-wide)

The signature would then protect against anyone silently tampering with the document between the time it was filed and its eventual release.

Comment Re: Scanning (Score 1) 86

You missed the timing - release the signatures *immediately*, while the documents are still classified. Then, when declassifying the documents, the veracity of the document can be confirmed. Assuming of course that the signature algorithm was sufficiently secure that the agency couldn't create false matches. Though even if they could, there would probably be some suspicious anomalies in the resulting document as it was tweaked to match the original signature.

Of course, if they created the frauds immediately you would be absolutely correct, but in that case there's little point in them keeping the records at all.

But assuming they created the original signatures in good faith, they would prevent undetected tampering between that moment and the eventual declassification. Even if there were redacted portions, at least individuals with clearance to view the originals would be able to verify they weren't tampered with.

As for the "Declassified" stamp, I'm sure some method could be found to include that in a "wrapper" around the original file, or as an easily reversed insertion.
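The publish-at-filing, verify-at-release flow from the two comments above, as an added example that is not part of either comment. A SHA-256 digest stands in for the signature the comments mention (Python's standard library has no public-key signing), and the ledger, the JSON wrapper layout and the sample memos are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def filing_digest(document: bytes) -> str:
    """Value published at filing time, while the document is still classified."""
    return hashlib.sha256(document).hexdigest()

def wrap_for_release(document: bytes, stamp: str) -> str:
    """Carry the stamp beside the original bytes instead of editing them."""
    body = base64.b64encode(document).decode("ascii")
    return json.dumps({"stamp": stamp, "original_b64": body})

def audit(ledger: dict, released: dict) -> dict:
    """Compare each published digest with the wrapper released under that id."""
    report = {}
    for doc_id, published in ledger.items():
        wrapper = released.get(doc_id)
        if wrapper is None:
            report[doc_id] = "not released"
            continue
        original = base64.b64decode(json.loads(wrapper)["original_b64"])
        match = hmac.compare_digest(filing_digest(original), published)
        report[doc_id] = "verified" if match else "tampered"
    return report

# Constructed sample documents (not real records).
MEMO_A = b"Memo A: site visit scheduled for 3 March."
MEMO_B = b"Memo B: budget approved at 1.2 million."
MEMO_C = b"Memo C: no action required."

# Filing time: only the digests are made public.
LEDGER = {name: filing_digest(doc)
          for name, doc in (("A", MEMO_A), ("B", MEMO_B), ("C", MEMO_C))}

# Release time: A is intact, B was altered in the files, C never appears.
RELEASED = {
    "A": wrap_for_release(MEMO_A, "DECLASSIFIED"),
    "B": wrap_for_release(MEMO_B.replace(b"1.2", b"0.2"), "DECLASSIFIED"),
}

if __name__ == "__main__":
    print(audit(LEDGER, RELEASED))
```

Because the stamp lives in the wrapper rather than in the document bytes, adding or changing it does not affect the check.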

Comment Re:Retards (Score 2) 59

Heck, it's also useful if you can connect to control it even when weather conditions make it too hazardous to travel on-site

Operators have worked shifts that last longer than a day. If a storm is coming in very often the power company will put a second set of operators up in a hotel within walking distance (often just a couple hundred meters) so that they can rotate people in and out as needed. This would also hold for having a second set of operators at the backup site as well, so there would be 4 sets of operators ready to go in these cases.

[1] You could do that with suitable VPNing over the public internet. That way you benefit from its extensive reach, its cheap price, its resilience, the rapid repair time that ISPs offer. All you need to build is a network connection from each of your grid nodes to the nearest internet.

Not done in the US and not allowed by regulation.

[2] Or you could do it with dedicated leased lines that aren't part of the internet. You'll pay a heck of a lot more, and loads of grid nodes won't have convenient connection.

This is done but usually only between main and backup control centers.

[3] Or you could put up your own network. (You're a power-grid so you're used to putting up networks!) But this isn't your core competence, will suffer from longer outages, and will be most expensive

How do you think they are currently getting the data from substations and other devices? It isn't like DNP, Modbus, and ICCP haven't been around for ages and run just fine over the old serial connections that the power companies put in originally. Often they now have serial to ethernet aggregators and then run just one line back but the power companies do know how to do this and do it well. For added redundancy you can also have a microwave link from substations back to the control center which is often the case.

Bear in mind that every subcontractor who prepares a bid using the public internet will produce a *LOWER* bid with *INCREASED* functionality. The only way that a higher-priced bid will ever win is if they somehow demonstrate that the downside costs (in terms of expected cost of future hacks) will be significantly larger than the higher upfront bid. And any such attempted demonstration would be instantly met by the answer "why not use just a secure VPN to get best robustness at the cheapest price?"

Yes a contractor could bid that and it may appeal to some of the dumber upper management at a grid operator. The problem is that there are smart people and regulations that would very quickly stamp that dumbness into the dirt. Bring up that doing so is a NERC CIP violation and carries a $1,000,000/day fine and you are talking real money real fast.

So I think that infrastructure like this *can* and *should* be connected to the internet.

Then it is a good thing that you don't work in that industry as that statement proves. You would have had that drilled out of you in your first NERC CIP annual training.

Comment Re:Credit card chargeback. (Score 1) 88

Between my wife and myself we have done a total of 2 in our lives. I find that there are only a few companies that need the screws put to them but the ones that do really need it. Like when I ended up taking an insurance company to small claims court for the fair market value of a totaled vehicle after trying to resolve it out of court for 6 months as the car sat in storage, paid for by the insurance company. The judge ended up excoriating them for not settling as I presented overwhelming evidence of the fair market value beyond just the KBB and NADA guide value and that their valuation was extremely dodgy as they were triple deducting things and using dissimilar vehicles. It isn't like I was even asking for some silly amount as KBB and NADA valued the car at $3100 and $3150 but insurance was only offering $1200. Then there was the collections agency that screwed the pooch and tried to collect a debt from me where only the person's first name matched mine.

Comment Re:Retards (Score 2) 59

You'd probably be surprised just HOW vulnerable most of the world's critical infrastructure really is.

Concerning power grids, no I wouldn't and people in the US and Canada would actually be surprised how well protected the bulk electrical system is here when compared to what is reported. Even small operators like to follow the security requirements that the large ones have to even if they don't as it does allow them to say that they are following the industry best practices which is a good CYA from lawsuits. Other countries are a different story and vary greatly but even those who hadn't cared much before are coming around after the Dec. 23, 2015 hack of the Ukrainian grid caused a lot of European companies to collectively shit themselves.

I'll just leave a few things here for you. In the US and Canada those are either the regulations for cyber security of our power grid or specific requirements being written into contracts for new control systems for our power grid. All of them have to follow NERC CIP with the other 2 being optional but widely used as a CYA. The Europeans do not have such requirements and it varies from country to country but those that do have regulations they are often very far behind even previous versions of NERC CIP. That is not to say that those make you secure but they do offer a good start and following any one of those documents would provide more security than the preferred PCI DSS standard that everyone outside of power grid world thinks is great and the be all end all.

Comment Re:Credit card chargeback. (Score 1) 88

Sounds like how we ended up canceling our newspaper subscription a couple of months ago. I wonder if most people just don't know about chargebacks so companies think they can just fuck over people and get away with it most of the time or if they just assume most people will just take it. Because of the ability to issue a chargeback and other protections I try to run everything I can through my credit card. It gets paid off in full, current outstanding balance not just previous statement balance, each month so it isn't like it costs me anything to use it.

Comment Re:It's about landmass (Score 3, Interesting) 466

Use cases like yours and mine, where I have a lake property 2.25 hours away where I have to tow stuff to and there isn't electricity on site, are not something EVs can meet now, in the future maybe, but then we are a limited few. That said you have people like my wife who 90% of the time drives 5 miles a day and the rest of the time drives at most 60 miles a day can get by with an EV without issue. My mother, step dad, step mom, sister, mother-in-law, and father-in-law could have their entire driving needs met by just about any EV available now (maybe not the Volt without it going to gas mode). So in my immediate family it is only myself, my father, and my brother-in-law who can't meet all our vehicle needs with an EV. Even then my father would only need a non EV to tow his race car to tracks as he doesn't have a long commute and everything he needs is close by otherwise. So that leaves myself with my 64 mile daily commute plus whatever else I have to do that day, and my brother-in-law who fixes commercial restaurant equipment and drives from job to job in a big ass van all day.
