Hacker News | olyjohn's comments

Your analogy is flawed. This isn't testing someone's house. This is buying the locks that are on people's houses and testing them in your own location. Which people should absolutely be doing.

Also, breaking into a single person's house... maybe they don't want to lock their doors. It affects nobody but them.

These systems affect lots of people, it's a public safety issue, and there is a company being paid money by the public to ensure that their systems are safe and secure. They should be tested by everybody and anybody who wants to test them. Especially if they are running on a publicly accessible IP address.

Also if you want to test the locks on someone's house, you don't go to their house. You buy the locks that they are using, and test them quietly in your own location.

> Also if you want to test the locks on someone's house, you don't go to their house. You buy the locks that they are using, and test them quietly in your own location.

This is a pretty great point, because it's exactly what the guy in the article did to find the vulnerability in the traffic controllers.

In my 1984 Honda, the resume button brings me back to the speed I was set at before I hit the brakes.

"Resume" has been a feature of cruise control since the dawn of electronic memory. The Motorola MC14460 integrated circuit and the even older and hilariously complicated Zemco CompuCruise had resume features.

Nobody has headphones with those connectors. Sounds like Bluetooth is for you.

I've got headphones with 1/4" connectors. I like the sets where the cord is detachable, each headphone has a jack, one is 1/4" one is 1/8", and the included cord has 1/4" on one end and 1/8" on the other. Then you can plug into whatever.

I'm not cool enough to have XLR on any of my devices.

Saying you have nothing but a backpack, when in fact you have a backpack and tens of thousands of dollars is lying. This whole thing is a ton of lying for their own personal benefit.

It's pretty obvious they meant the material possessions. Isn't it in guidelines to look for the more charitable options?

I don't think two wrongs make a right.

We accept it when rich marketers spy on and manipulate the public. I think if we're going to ignore that, then there's no reason to care when they're targeted. If all of a sudden we start caring about the spying, then fine, let's direct concern towards spying on marketers too, but right now it's hypocritical.

What retail store doesn't have price tags on their items?

The point they’re making is that if there is a system failure which makes card payment unavailable, the failure could also have taken out the cash register entirely. And because most products only have a bar code on them which has to be scanned to get the price, it’s possible that the store can’t sell anything (unless they want to look up the price of every item at the shelf).

The interesting thing is that it was only the last mile of the payment processing that has failed whereas the core payment processing (payment networks) and intermediate layers (acquirers and mobile wallet infrastructure) have held up.

Reports about failing Apple/Google Pay actually pertained to the POS terminals the payment terminals are connected to, and not the payment infrastructure itself.

Another interesting takeaway is that we used to have an extra layer of redundancy available at the last mile of the payment processing: slip machines. They were a workaround and a fallback for exactly this kind of problem: where the payment could not be processed electronically, a card payment slip would be taken, and the payment would be processed manually later.

However, with the uptake and the scale of electronic payments, card payment slips are no longer a thing, mostly due to fraud-related issues, plus the inconvenience of having to keep such a large contraption under the till. Even where still available, it may no longer be possible to use one, as more and more debit (in particular) and even credit cards no longer emboss the card details on the plastic/metal.

To this point, I have shopped in grocery stores during power outages. The checkout terminals usually have battery backup and a local copy of the current prices to enable processing cash transactions.

Yeah. I've (rarely) been able to pay for an item without a price sticker in cash when credit card transactions were down.

Most, in large stores/chains. I'm not sure any of the large US stores I shop in have a price tag on the item any longer.

> I'm not sure any of the large US stores I shop in have a price tag on the item any longer.

But it's on the shelf, surely? Probably on an e-ink display.

But what good does that do at the checkout if computer systems are down? And no supermarket I frequent has e-ink displays on the aisles.

Besides which the central shelf label server is probably also down.

And do you expect the cashier to walk to the shelf for every single item in order to look up prices?

Just read the comment you replied to. You're charged if found not guilty.

Yes I replied to the $1500 one but the thread specifies being found guilty and "sentenced to 5 years".

I find it completely acceptable to charge an inmate money for his stay. People are against prison labor because it makes it profitable for a state to have prisoners, which is true, but somehow the state has to recoup the money it poured into an individual eating for free and using public services without paying taxes for multiple years. You decided to commit the crime.

Now, I am against you being charged pre-sentencing, unless you are found guilty, in which case you should be charged for that pre-time as well.

> which is true, but somehow the state has to recoup money it poured into an individual eating free and using public services without paying taxes for multiple years

Please turn your business brain off. Society costs money to run - this is why we pay taxes. Your taxes routinely provide unpaid services to people because the benefits to society outweigh the costs.

Lathes probably have PCs connected to them to control them, and do CNC stuff (he did say the controllers). Laser alignment machines all have PCs connected to them these days.

The cranes and lifts though... I've never heard of them being networked or controlled by a computer. Usually it's a couple buttons connected to the motors and that's it. But maybe they have some monitoring systems in them?

Off the top of my head, based on limited experience in industrial automation:

- maintenance monitoring data shipping to centralised locations

- computer-based HMI system - there might be good old manual control, but it might require unreasonable amounts of extra work per work order

- centralised control system - instead of using a panel specific to the lift, you might be controlling a bunch of tools from a common panel

- integration with other tools, starting from things as simple as pulling up the manufacturer's service manual to check for details, to doing things like automatically raising the lift to the position appropriate for a work order involving other (possibly also automated) tools, with adjustments based on the vehicle you're lifting

There could be more.

But it has created a culture of everything needing to be kept up to date all the time no matter what, and pulling control of those updates out of your own hands into the provider's.

True, especially when a reboot of Windows takes several minutes because it started auto-applying updates!

How do you propose ensuring critical security updates get deployed then?

Especially if an infected machine can attack others?

Users/IT regularly would never update or deploy patches, which has its own consequences. There's no perfect solution, but rather the need to accept the pain.

It’s a lot like herd immunity in vaccines.

> It’s a lot like herd immunity in vaccines.

Yes. But you don't deploy experimental vaccines simultaneously across the entire population all at once. Inoculating an entire country takes months; the logistics incidentally provide protection against unforeseen immediate-term dangerous side effects. Without that delay, well, every now and then you'd kill half the population with a bad vaccine. The equivalent of what's happening now with CrowdStrike.

Windows Update has actually provided sensible control over when and how to apply updates since, I think, Windows 2000 (it was definitely there by Vista time). You just need to use it.

It has been degrading since Windows 2000, with Microsoft steadily removing and patching up any clever workarounds people came up with to prevent the system from automatically rebooting. The pinnacle of that, an insult added to injury, was the introduction of "active hours" - a period of, initially, at most 8 or 10 hours, designated as the only time in the day your system would not reboot due to updates. Sucks if your computer isn't an office machine only ever used 9-to-5.

No, it was not degrading - Windows 10 introduced forced updating in home editions because it was judged to be better for general cases (that it got abused later is a separate issue).

The assumption is that "pros" and "enterprise" either know how to use the provided controls or have a WSUS server set up, which takes over all scheduling of updates.
