Re: *FacePalmHappyGroan*
Well it certainly left Windows of opportunity.
5199 posts • joined 8 Sep 2007
Who said anything about Arduinos etc? I certainly didn't.
It seems the point I was making was totally lost. The kit I was referring to was completely self-contained and intrinsically secure. Yes, it was old and slow (but so is making cardboard boxes) and it was common for these things to run 24/7. As soon as anything is software controlled you have introduced a weak spot. There are a (vanishingly small) number of PLCs that make this better - writes to the program area are disabled by a mechanical switch on the PLC itself. If there is any outside contact apart from just reading settings there is still the problem of malicious data being injected.
On top of this you get ridiculous passwords used (especially when HEX is required), such as:
0001, 0002, etc, on a series of identical machines.
Then there's the fun ones:
CAFE
ABCD
DEAD
D0D0
Yes. I've seen all of these :(
In the mid 1990s I was sent to repair a cardboard box maker. The cough logic controller consisted of plug-in modules the size of a house brick with various switches and controls - pretty difficult to compromise I'd say.
Seriously, PLCs have always been a disaster waiting to happen.
These are the sort of companies I liked to work in. My last one was like that - and when the company moved into bigger premises - basically an empty shell, the (then retired) older boss came in to do all the office/workshop wiring so the rest of us could get on with the on-site calls.
Particularly regarding code forks. The FLOSS project I'm involved with is a fork, and after more than 10 years both still seem to be going along quite happily in their (now) quite different directions. There is the occasional troll who very publicly asks which they should use. My answer is always "Try both and go with which you prefer".
The authentication 'experts' must all live in big city cocoons. Having a phone as part of the authentication is crazy. I can't rely on being able to authenticate when using a venue's internet just outside London (or sometimes even inside) if there is no phone service.
Also, for years I could get by with a credit card and just a few pounds in cash. Now I have to take a wodge of cash, again in case there's no phone access for card authorisation.
Even if all that is good, it's still not secure. It's not the phone that's the ID, it's the information held on the SIM... which can be faked.
As an impressionable teenager, my first proper job was home-visits TV servicing. I was permanently scarred by the 'unbelievable' things I saw. Bare wires stuffed in the old 15A unswitched round pin sockets for starters!
"Well you see, it saves messing about when you've got lots of things you want on at the same time"