385 posts • joined 3 Feb 2009
Endemic to the sector
It also doesn't help that half the industrial and building management networks are put together by controls engineers who don't understand basic TCP/IP networking. They just repeat what they learned of how the proprietary Modbus or similar networks work.
One site we took over had 17 daisy chained ethernet hubs between the heating system in the basement and the cooling system on the roof, with a roughly 1000-1200ms ping between them. The entire site was channelled through a single cheap 8 port switch in the middle, and it couldn't even handle the fairly low volume of traffic.
Another had enabled STP to fix their loops but put 29 devices in a ring, so played musical chairs over who got to control the ring.
In both cases the installers are copying an old legacy system and assuming that TCP/IP works the same way ... and we're not talking about a new network protocol here!
The other major issue is that the people who look after the industrial systems and the people who look after the IT systems don't ever speak to each other - internal IT doesn't want to touch it with a bargepole and the ops guys don't understand enough to ask the right questions. We're making good money playing translator in between them.
Re: What do they all do?
Another factor - all vessels over 300 tonnes have an Automatic Identification System (AIS) - a system explicitly designed to prevent collisions by providing tracking information to any vessel in a 10-20 mile range. This data is also passed up to satellites and can be used for longer ranges, and can be integrated into automatic pilot systems. It's also widely used by oceanic yachts and small passenger craft, and is basically the marine equivalent of the aeroplane ADS-B which all the flight tracking apps use.
The US Navy turns theirs off, because they don't want Johnny Foreigner knowing where they are.
In a time of war ... sure, this makes sense. In peacetime?
Turn your bloody lights back on and maybe people will stop hitting you.
It's endemic in Zone 1. The sole provider is BT, generally only ADSL services, though VDSL is sometimes available. As an example, there is no residential BT or Virgin fibre available in Soho or Mayfair. There are small pockets near Bloomsbury and Marylebone, but that's about it. 4G is frequently a joke due to reception issues and interference and microwave is astonishingly expensive.
The reason is that this area was traditionally commercial, so if you want better-than-ADSL internet you need to pay for a commercial link. None of the vendors want residential grade circuits eating into their highly lucrative commercial business.
We have dozens of residential customers who are stuck with either ~12mb ADSL on old dodgy phonelines (one recently refitted 20 apartment building has exactly six functional pairs on a 100pr bearer) or a minimum £400/month for a 25/100 leased line, which is barely "high speed".
Sure, if you can afford to buy a house in Mayfair, you should be able to pay that sort of rate, but most of the shoebox flats are done on the cheap so the internet provided is a phoneline if you are lucky. The best landlords bring in a proper leased line and split it among the tenants, but that is rare.
The people I was getting at are desktop support staff, or, if you're talking about servers, server support staff. They need full administrative access to every end user's PC, at the end of the day
Yes, they do, but not under their own credentials, that's just laziness.
Each person should have their own local account, which may have local elevated permissions locally. They then need an admin account which has elevated permissions remotely to do their support work. With separation of the two accounts, your sniffed credentials don't get you very far. For multiple client support, you should have specific admin accounts for each client you support, so compromising one will not affect any other.
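The account separation described in this post, as an added example that is not part of the original post: a Python check over a constructed account inventory that flags setups breaking the separation and reports which clients a single sniffed credential exposes. The `Account` fields and all account and client names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    owner: str                                   # person holding the credential
    kind: str                                    # "daily" or "admin"
    local_admin_on: frozenset = frozenset()      # hosts with local elevation only
    remote_admin_for: frozenset = frozenset()    # clients it can administer remotely


def violations(accounts):
    """Return (account, reason) pairs that break the separation in the post."""
    found = []
    for a in accounts:
        # The everyday account may be elevated locally, never remotely.
        if a.kind == "daily" and a.remote_admin_for:
            found.append((a.name, "daily account has remote admin rights"))
        # One admin account per supported client, not one for all of them.
        if a.kind == "admin" and len(a.remote_admin_for) > 1:
            found.append((a.name, "admin account spans several clients"))
    owners_with_daily = {a.owner for a in accounts if a.kind == "daily"}
    for a in accounts:
        # An admin account with no daily counterpart gets used for everything.
        if a.kind == "admin" and a.owner not in owners_with_daily:
            found.append((a.name, "owner has no separate daily account"))
    return found


def blast_radius(accounts, stolen):
    """Clients exposed to remote administration if `stolen` is sniffed."""
    by_name = {a.name: a for a in accounts}
    return set(by_name[stolen].remote_admin_for)


# Constructed sample inventory (not real accounts).
INVENTORY = [
    Account("alice", "alice", "daily", local_admin_on=frozenset({"alice-pc"})),
    Account("alice-adm-acme", "alice", "admin",
            remote_admin_for=frozenset({"acme"})),
    Account("alice-adm-globex", "alice", "admin",
            remote_admin_for=frozenset({"globex"})),
    # The "own credentials for everything" setup the post calls laziness.
    Account("bob", "bob", "daily", local_admin_on=frozenset({"bob-pc"}),
            remote_admin_for=frozenset({"acme", "globex"})),
    # One shared admin account across clients, with no daily account.
    Account("carol-adm", "carol", "admin",
            remote_admin_for=frozenset({"acme", "globex"})),
]

if __name__ == "__main__":
    for name, reason in violations(INVENTORY):
        print(f"{name}: {reason}")
    for acct in INVENTORY:
        print(acct.name, "->", sorted(blast_radius(INVENTORY, acct.name)))
```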
Re: So what about the battery
Not to mention that due to the substantial risk of damage or theft, putting a laptop into checked baggage is specifically recommended against at check in, and any electronic equipment that is checked in (as opposed to taken off you at the gate) is not covered by your travel insurance policy.
Re: Do their buyers care?
For the same reason that we're currently involved in a major security upgrade for a big corporate customer.
On investigation, they found that among many other things, all of their datacentres had relatively unsecured remote access to the controls side, meaning that a hostile third party could for example turn off the chillers. Doesn't take long for a datacentre to go down when it loses cooling.
And that talks money on a scale that £x million is a very cheap fix.
Re: Yes. He was.
I worked in a call centre doing night shift for a few years some time ago, the LAN gaming between team members was definitely a highlight. But we made sure that the queues were cleared and our work was done before we started. The argument our boss had was that the gaming provided an incentive to ensure that all the work was completed promptly instead of being dragged out to the end of a shift.
On the other hand much amusement could be had when someone got a call and was therefore no longer in game to protest what was to happen to them. Pausing only works when no one else can unpause ;)
Re: I could save a few pence a month
However the deal breaker is that AFAIK, only "3" allows me to make calls in the USA using my UK Minutes
If you are making calls to UK numbers, yes. Otherwise you are paying international call rates to call local numbers. But yes, the free internet roaming is awesome.
Re: "the actual number may be higher."
Frankly we're talking about a problem that affects between 0.009 and 0.018% of the population.
By contrast, old people dying in winter of generally avoidable cold related issues are at least 40,000. Priorities maybe?
I know three people who have taken their own lives. Two of them had tried before and been stopped, but the core issue never got resolved and the conclusion was inevitable. Suicide is a problem that in general is very very hard to prevent - western society is innately isolating, and there are a heck of a lot of easy ways to go, from trains to jumping off stuff. Would I like to prevent more, yes. But you do that by funding support organisations, not by trying to block information. This is a futile gesture which in general won't do squat.
All I can say is "Been there, done that".
Yes the transforming bathroom and the *Oh God What Just Happened* tube squirting water everywhere. There's also the vibrating massage function, the blast of hot air drying your rear, the differentially heated seat, the traditional style toilet that emerges from a shell in the floor when you stand in the wrong place in a room ....
Let's just say that Japan can be a remarkably startling place for anyone from the west with an engineer's mentality of "oh, let's see what this button does" and no patience for asking advice beforehand.
(bring a change of clothes, just in case)
Cooler engine intake means denser air coming in, cooler turbine means more RPM possible, and adding water increases the mass of what comes out the other end, all combined meaning more thrust.
And a shitload more pollution, due to unburned fuel passing straight through, hence the black smoke trails.
Re: the Executive doesn't get to enact domestic legislation on a whim
In fact this Judgement is another chapter in the 17th century struggle of Parliament against the Crown. A historic occasion!
Ironically the Queen was on the side of the Claimants, with the defendants being the Secretary of State for Exiting the European Union.
So it's Parliament *and* the Queen, vs the Executive (with the delegated Powers of the Queen).
I also heard of someone losing a disk from a mirrored system during a system move. They put in a new disk and re-silvered their mirror. From the faulty disk.
Yep, my previous workplace had a minion do that after I left. Then he overwrote the copy. Then he broke the offsite version. *Then* he confessed to having had some problems.
Ironically though, the 90s was the rise of the Polish. Now the Poles are too expensive, and we get Latvian builders and Romanian coders.
Give it another 20 years *without expanding the EU* and those countries will be properly developed as well, meaning the free movement situation will resolve itself.
The real problem ... as it has been *everywhere* ... is the free movement of indentured wage slaves from third world countries in Africa and Asia, who are willing to work for negligible rates. Free movement of People means that people can move to where the work is. Big business in the UK and US hates that. What they want is the ability to bring in cheap employees from anywhere to undercut their rivals, which is a completely different situation.
Re: Don't forget us oldsters!
I am firmly in favour of hiring older people for certain roles.
At a previous company, they basically needed an IT caretaker more than a manager - the systems wouldn't change for another five years, and all the day to day stuff was minor.
So finding an older person who was happy to keep everything ticking along without any particular ambitions other than keep their kids fed was a great relief. They had enough skills to handle anything, and just wanted a quieter post to eventually retire from.
Sure, I could have hired someone young and full of fire, but they'd be bored to death in a week and want to move on.
The biggest challenge I've noticed these days is the concept that there might not be an internet connection at the user end. Too many vendors presume that the Internet is like air, and always there. That applies to both software upgrades and solution providers - for example the new versions of a number of software packages our clients use insist on speaking to a centralised server a lot.
So a number of our customers are engineering firms, generally working in and around building sites and basements. If you are lucky there might be a 3G connection available in the project office. In the basement plant areas, no. So making sure they have the resources to run anything they need offline is crucial.
Re: Don't be daft. They want you to use Tor.
The head of the NSA is an admiral of the USN. Possibly coincidentally
I'd say that emerged from the early days of signal intelligence, which were primarily Naval. The army usually had a secured line of communication, and the Air Force were based well behind the lines.
Another defence is making sure that the account being wired to is preregistered in the system, so that the FC can approve it, and the system pays. That requires a paper trail that goes past more eyeballs. This idea of wiring a random account a large sum of money is really strange, but I guess at CEO level procedures are for the little people
Re: Dr Kate Devlin
That a study into the impact of the introduction of the dildo on society would show if such things do, indeed, cause problems in society and if so, what the dangers are
Erm. Dildos have been found since paleolithic times. The oldest intact one is from around 28,000 years ago.
Whatever problems they caused have to be pretty well entrenched in the system by now.
Re: Why ?
You mean Corbyn failed to adequately support one side or the other in a bitter Tory leadership squabble played out via the proxy of the fate of a country? Well now, that's a surprise from the leader of the opposition.
The problem is regardless of the official position of the party, at least half of his own MPs were inadequate in mobilising support in their own constituencies for remain. And then decided to hide their own inadequacy by putting all the blame for their failure on the leader for not compromising his own principles and waving the EU flag hard enough.
He managed to convince his own electorate to remain by a large margin. That's effectively what his job entailed. Yes, he could have been more supportive of the EU, or the Remain campaign, but it wasn't his job to prop up David Cameron who was the idiot that kicked this all off.
Re: "democratise the internet"
Actually I can see quite a few benefits to the Digital Id idea.
It all depends on how it is used, but look at Estonia. They have a distributed set of services, all linked by a middleware layer with a unique identity product. That means that you have the ability to remotely prove that you are YOU to any entity that does business with the government by a single card. It does not mean that your identity is then shared between each service.
Rather you have an identity as BloggsJ with the water department, and as Joe Bloggs (L) with the driver licencing, and as Joseph Thomas Bloggs with the electoral roll etc. And then your digital identity acts as a proof acceptable to each service that you are that identity. And it is up to the end user to register each identity into the system, rather than having it done by fiat by the government.
It's far superior to the UK system of multiple redundant composite IDs, where you need a drivers licence and bank statement for this part, but a passport and national insurance number for that one, and bank statement and credit card for them over there etc etc.
The critical thing about a proper digital ID is that it doesn't replace all the existing systems, it acts as a complementary system. That way if it stops working or is stolen you can still go in person with a bank statement and say I am me...
As for the 25bn fibre rollout ... the Railtrack/Network Rail fiasco has already proven that the only way competition in the railways can work is with a neutral state body overseeing the basic infrastructure, with a monitoring body to ensure regular upgrades. We obviously need a similar entity for basic fibre infrastructure provision, because as Google has proved in the US, the cost of running cables far far exceeds the return people are willing to pay directly. Rollout via state taxation is the only way it can work.
However I would want it to be done in such a fashion that the ducts are large enough to allow easy inspection and maintenance and that rival cables can be laid if private groups want to pay for it.
That way you don't have to dig the damn street up every few months, which is where the main cost is. Dig the damn street up once, lay a gas trench, a water trench, a data trench and a power trench and cover em up. End of issue. Start in the newbuilds, in villages and small towns, then move to the suburbs, and finally the centres of the bigger cities where it's a historical messy situation.
Re: We should use neither @boltar
But it's not all control, there are huge numbers of places in industry that are not mission critical, where devices like the Pi can be used to great effect. You need a touchscreen controller on a machine, not to control it but to program it? A Pi is cheap and good at the job. There are huge numbers of applications.
Agreed. We have several dozen acting as intermediaries for remote CCTV, AV and BMS systems over cheap ADSL links. They work well, cost pennies by comparison, only require a power supply, and you can easily remote on and reconfigure them as needed.
Seems less than I'd expect
So you'd prefer that they explicitly tamper with the files they receive, rather than uploading them as is where is?
Frankly the fact that there is malware like this present in the files is a better indicator that they are probably genuine.
Anyone downloading the files should be running them through antivirus etc as a matter of course, but other than flagging the file with a warning, I don't see how this is a wikileaks problem (or that of any other disclosure site)
Re: Response time?
Yeah, if you read The Old New Thing blog at all, you soon learn that almost every unfixed legacy bug in a newer Windows OS is there deliberately, because when they fixed it, it broke something else that was relying on that behaviour to function. They frequently had to emulate specific bad behaviour to remedy institutional complaints. Raymond Chen was scathing about some of them, but since Windows has long prided itself on backwards compatibility between versions, it's a compromise they were forced to accept.
I think that may be some of the outrage with Win8-10 - they've deliberately given up on a lot of backwards compatibility with DOS at last and that does finally break stuff.
Apple took the same steps when they changed processor cores, they supported the old stuff for a while then made a clean break and removed the emulation.
Re: Hosting is done on one server
Yeah, we've had enough and are now actively moving our customers off them.
They were good, but have frantically bought customers from everywhere in a race to the bottom and are frankly beyond rubbish now.
This was harder to defend than a complete failure - why is HIS email down when MY email is fine?
I'll accept a local "smart box" which can be taught, preferably by me, to control all of this hardware. But control of all this crap WILL NOT leave my house.
Exactly. That's what a Honeywell Hawk is for. Effectively you have half a dozen smart control systems in your house - lighting, AV, AC, Security etc. You then put a centralised control module in that can speak to all of them and can be accessed remotely if needed.
We have hundreds of the damn things in production, and a bunch of engineers whose job it is to write various interface drivers for obscure systems.
But then, that involves doing things professionally - a Hawk is a couple of grand, and proper BMS setups are designed for interaction.
Setting up everything at home with a DIY amateur hour setup from Maplin is an entirely different ball game.
Re: Next gen ransomware
How about a process that iterates down through the folder tree, spawning a separate encrypting process for each individual file, which then completes as the file is finished. Keep a watchdog so that only a certain number of child processes are actually running at once so that the system doesn't slow down too much.
Effectively bulk changing files one file at a time, in a slower but less detectable fashion.
Re: Zuckerberg is running Thunderbird
I would love to have a decent email client for Windows, but these days we're pretty much stuck with Thunderbird or Outlook. Nothing else really works or is actually productive.
I hated myself for leaving Eudora for Outlook, but the shift to badly formatted HTML mail pretty much killed it.
Interesting choice of location. It's pretty remote, but gives them a near 180 degree angle to launch stuff over ocean. I originally considered NZ to be too far south for effective launches, but turns out we're closer to the equator than Baikonur is by a fair margin.
In theory Mahia is still on a rail line too, which should make material transfers from a deepwater port easier.
The hot springs round the corner are a nice bonus too.
Re: A cautionary pair of tales (pt1)
Oh god yes. The number of times I've mistyped something critical is fairly low.
The number of times I've deliberately killed something critical because I thought I was looking at something else? That is definitely an embarrassingly higher number.
Protecting users from themselves is a lofty goal, but the most important user to protect is YOU.
Visual cues are a valuable help - different wallpapers, different coloured terminals, a change in text colour when you log on as superuser ... anything to say think twice.
Re: Careful what you wish for
So by spending three years wasting your time, you complain that your skills are rusty?
Can't really see that as anything other than your own fault. The remaining 7 hours per day should have been ample time to have some sort of project on the side you could spin into something fancy.
Re: Act of Allah
Taking tongue briefly out of cheek, I'd say Dell, Panasonic and Getac would ... they make the super heavy duty laptops for military and far off the beaten track use.
You'd probably still need to spring for the very special extended warranty though, I'd expect the extra price you pay would cover the costs of a complete replacement of the laptop in 1-2 years.
While I agree with the article
I'm not quite sure how useful it is ... there are only so many bridge positions on a ship, and while the fate of the minions is in the end inevitable, the attrition rate is going to be horrific.
And I'm not convinced that knowledge, skill or determination will have any bearing on who survives ... I suspect it will be the lucky, the connected and the politically savvy ... the same as in every other part of middle management.
One point in their credit - if you get a new laptop, and install a copy of home & business on it, the copy is then locked to that hardware. If the hardware dies early on, you're screwed, buy a new copy.
However if you ring the phone activation line, and crucially *do not pick an option*, then you get to talk to a person. And that person has the ability to create you a new activation code to migrate your software in the event of a DOA machine.
I'm not sure what the timeframe is that it is available for, but it made my week.
Depressing how tiny victories with MS make you feel fantastic.
Oh god yes.
Had four weekends in a row on a bloody SBS migration.
First weekend new server PSU died. Next weekend hard disks on temp NAS died. Finally with all going smooth the entire installation of VMware died and I didn't trust the recovered VMs.
I think SBS gets a special kind of ancient curse all to itself.
Re: A few splashes?
Site only wanted a record of what went wrong for diagnostic purposes after the fact. We used the same system we had everywhere else, so it generated alerts and sent them to us for an offsite record, we just filtered them off and ignored them.
You might think site were idiots. We couldn't possibly comment.
A few splashes?
So our company does environmental monitoring systems, amongst other stuff. We had an entertaining time a year or three back in central London when one of our sites had a bit of a problem with water. We were only paid to record and monitor, not to tell anyone, so these made fun reading back on the Monday.
B3 leak detection alert
Tank 1 overspill alert.
Tank 2 overspill alert
Sump pump 1 failed.
Sump pump 2 failed.
B2 Leak detection alert
all hell breaks loose with alerts of all sorts
all alerts stop
Night shift guard is heading through basement on patrols and notices floor is an inch deep in water, and the steps down have vanished.
Starts frantically calling everyone.
It is determined that the taps are controlled from an area two floors down. Underwater.
Fire brigade turns up to assist, soon determines that water is lapping at the plinth of the local substation in the basement. Phones electric company hotline.
According to our contact the call went something along the lines of :
"Turn off the substation at xxx"
"Are you crazy, that powers safety critical traffic lights and half of regent street and soho, not happening"
"Turn it off, or in ten minutes I'll make it go off with my axe, or in half an hour the water will make it explode, I'll put the fire out, and it will still be off"
"oh. um. I need to speak to ... "
<2 min later power goes off>
"Erm, it should be off"
Turned out that a 6bar mains head had sheared off in the basement, so the normal firetrucks couldn't keep up with demand - they had to bring in a serious pump truck at £1000/hr, which they made our contact sign off for on the basis that he knew why they were there. Took em some 14 hours to pump the basements dry after cutting off water supply to the area.
Our kit turned out to have been sending alerts for nearly three hours while underwater, which we reckoned was a pretty good stress test.