Red Light Ginger
Tisk Tisk AC - they said GingerBREAD, not Ginger (as in the by the hour female "friend").
7 posts • joined 15 Dec 2009
"Suck it Apple!"
The Android growth line (if it holds) appears to be worse than when Steve got pwned by Windows. Of course the Google twins aren't nearly as uber cool as Bill G was. Does anyone else ever ponder if Sergey and Larry tap fists and exclaim "Wonder Twin Powers Activate!"
OK, 3 weeks is a little protracted, but you can figure a few days before anyone even processed the original message warning about the infected IP. (I'm betting M$ gets a lot of "warnings" and just sifting through all of them for real issues is a challenge. Once you start processing a given message, you still have to actually validate that it is actually legitimate). Once you know something is legitimate, you have to give it to someone to actually chase it down - 2 devices in a company that probably has a couple hundred thousand machines - that's pretty freaking trivial.
Also, if this thing was some sort of ADSL router / user appliance it is pretty small. They may have struggled just to identify the physical location of the hardware. I mean they should have been able to trace it back to the specific managed switch above it via the network. Of course once you know that specific switch, you have to locate it physically, which may be easier said than done in a building with a high density of network equipment. Once you identified the physical location of said switch and hopefully the associated physical port the devices were connected into, you still have to trace it down through any un-managed switches, network cabling, etc. (assuming there are no random wireless links thrown in there) - one bad installation contractor with a dyslexic technician and you have a cabling nightmare (I have experienced this first hand). Let's assume they get through all those hurdles fairly easily - have you guys ever seen a typical hardware testing lab? The guy looking for these pwnd devices likely didn't know what he was physically looking for - he just had an IP address. You could look over a small consumer device several times because you were thinking you were looking for a computer/workstation/server. (If you are a network admin used to managing Windows machines and you are looking for a malfunctioning "device" are you even thinking about a small consumer appliance running Linux?) Heck, that is of course assuming these units were even clearly visible in the testing lab - if they were small, their physical location could be obfuscated.
I'm betting 2 machines were a pretty minor worry in the grand scheme of things.
A high level observation here - the actual control system is PLC (or PAC in the case of S7) based not "Windows-based" (which means a proprietary OS running on industrially rated hardware). Only the operator and programming interfaces are Windows based. A good PLC/PAC/DCS configuration is implemented that allows the system to operate without user interface in the event that the operator interface (potentially running on a Windows machine) were to crash. Most serious / dangerous systems also have manual control backups / safety systems (in case the PLC/PAC/DCS system fails).
The above point aside, the issues that we are talking about here - a highly skilled / knowledgeable group developing a clearly targeted, malicious worm/virus - are not "Windows" specific. It wouldn't matter what the interface system was - ALL of them have potential exploit opportunities...UNIX, QNX, LINUX, Windows, OSX, etc. - every single operating system you could select has potential vulnerabilities due to the complexities of producing a machine with a modern GUI, network stack, etc. The point here being, that whatever the control system and associated operating system used for the configuration/programming interface, the party responsible for financing this software would have found exploits. Mindlessly blaming M$ and proclaiming the wonders of <insert favorite fanboy OS here> is being either naive or disingenuous.
Incidentally, for those of you who can not fathom why all of these vendors would have used Windows as a platform - all you need is to understand the fundamental economics of software development for industry. 1) End-customers don't want to spend ridiculous sums of cash for hardware. 2) Software development is expensive. Therefore, when most of these MFGs moved to Windows and away from the proprietary hardware they all used in the infancy of computing; they initially selected DOS and migrated to Windows for their programming software. Same thing for their GUI operator interfaces. The guys who based their system on UNIX either died or migrated because the cost of UNIX implementations was not cost competitive / attractive to customers. In this same timeframe, Apple was a joke, spiralling down and LINUX didn't really exist and/or wasn't reliable. (Nobody in their right mind would have developed on LINUX because you couldn't know if your particular flavor of LINUX was going to be around the following year - Actually a few people did try and many learned the hard way that the OS they developed under was too much of a moving target and/or disappeared on them). So, Windows was the ONLY logical choice based on the economics.
So the question is what should these companies do now. Do any of you really believe that there is an unexploitable OS out there? Stop being delusional. It wouldn't matter what the OS was, all of these systems are networked and software programmers are human - exploits will exist. The cost of moving code to a different OS would be pointless - there would be potential exploits on the new OS too - and the networking allows nice vectors for propagation.
Oh and before someone starts bitching again about networked control systems - expecting them to not be networked is pretty naive too. Plant operational staffs are smaller and smaller - the networking, associated data collection, and data analysis are necessary for operation under reducing staff levels. Why reduced staff? So that our electricity or latest widget or packaged food product is as cheap as possible to be as competitive as possible. Without increases in productivity, inflation would be a b and we all tend to select based on price - if you have two products on the shelf, both good, and one is cheaper - which one do you buy?
As far as I can tell legislation to keep drivers alert makes sense - motor vehicles can cause quite a bit of damage to other objects when they impact them - so you try to make sure that distracted drivers don't harm innocent bystanders, other motorists, etc.
On the other hand, the average pedestrian isn't going to do much damage if they walk into something. So I see legislation to "warn" them about the dangers of walking while sonically impaired as something like legislation to prevent natural selection taking place? What the.....?!?!?!? Shouldn't pedestrians be able to exercise their God-given right to play traffic roulette?
FAIL because people should be allowed to get pwned by motor vehicles if they want to.
Fair Enough on the Patronizing label - re-reading it is patronizing. Beyond that - here are my thoughts in no specific order:
1) You'll note that the GIF doesn't include any of the VOSTOK or DOME C ice core CO2 data - Interesting that - especially since it shows the current atmospheric CO2 levels well above anything in the data sets. If CO2 levels do indeed impact temperature levels in a positive feedback nature then I think temperature increases are a legitimate worry - you can argue that it isn't proven and my argument back would be ok so we wait until we know beyond a shadow of a doubt damn the consequences?
2) Atmospheric CO2 levels are impacted by the amount of CO2 dissolved in sea water - the southern Indian Ocean appears to be at maximum levels (and gas solubilities decrease with temperature) - which would imply that CO2 levels could be at an inflection point (upwards).
3) I don't think any climatologist has ever claimed that CO2 is the only thing that impacts temperature (Biggest impacts? Obviously the SUN and Earth's relative proximity). It seems pretty self evident that something like fine particulates (which by nature tend to be black) precipitating onto glaciers would heat up more than white ice. If we are the producers of said particulates then we are a potential cause for the glacier melt.
4) Looking at data over hundreds of thousands of years, when humanity would only care about the period of time we might have been able to impact the planet is really silly. I bet the Earth was a lot hotter than even those records in the GIF show when it was a ball of hot slag. So what? The real point is that we live in the current climatological period. If comet impacts, volcanic explosions, solar cycles, etc. have caused other peaks and valleys so what? We can't control or change those. However, if we are pushing ourselves out of the most recent equilibrium that we have enjoyed / evolved in - then perhaps it really does matter.
5) Oh and again I make the point that the investments in environmental controls are economically productive - just like building roads, houses, etc. So all the bitching about the cost is actually kind of silly - we live in economies built on the idea that technology investments increase GDP.
6) I'd rather live with the economic investment, which ends up being negligible across everyone on the planet when you factor in economic growth associated with the investment vs. the risk if you are wrong. Have you thought about the net result if you are wrong?
7) "Idiot" Well at least I didn't resort to name calling?
You read the whole article and got "switching away from CO2 and starting to concoct a second catastrophe scenario?" Perhaps a little visit to remedial reading comprehension is in order?
Maybe you should also go revisit the definition of Luddite? Most climatologists rely on technology and propose technology based solutions to the warming problem.
The sad thing is how many people reach adulthood without a minimal exposure to how research is conducted - numerical analysis is rarely completely cut and dry. Combine a basic misunderstanding of science and mathematics with a ridiculous amount of self centeredness and you get "I'm going to bash everything I hear about climate change because it would be inconvenient to me if it were true." Ostriches put their heads in the sand - it isn't a particularly effective survival strategy. (But hey - it is a great analogy eh?).
For the rest of you nutters: The concept that fresh water glaciers are melting at faster and faster rates is well documented fact. Something is causing this and it is very reasonable to search for said cause (and that was the topic of the article Robinson). Of course we could wait until all the glaciers are gone and the associated populations that rely on glacial melt for fresh water supply are without. Why not? F'em, it's too much trouble to worry about it now right?
One other parting thought - to all of you brilliant "arm-chair economists" out there who bitch about the cost of environmental protection - have you ever thought about the fact that environmental protections implemented through technological solutions cost money because they require money to implement? Where does that implementation money go? (Hint: Into the economy just like it does when you buy food or a TV). I'll grant you cap & trade is ENORMOUS bullshit / just moving tiles around on a board, but actual solutions implementation generates jobs, grows the economy, etc. Remember acid rain? Reducing sulfur emissions was going to destroy the world economy, blah blah blah. Wait, it didn't, but it did end up creating jobs as the solutions were implemented. Catalytic converters on cars were ridiculous - wait lots of people are employed in their production today... etc. etc. etc. Who's the Luddite?