Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

when i was a kid my piano teacher lived on a farm and they had this rural electric service with a peak-hours discount plan. the way it worked was they had a little monitoring box in the wall of a central room in the house. the box would beep at them if they were using "too much" energy during peak times, and if you were over the threshold for too long it would start charging you more. so my teacher's kids had the task of running around the house when the beep happened and turning off all unused lights and stuff until the meters on the box went back down below the threshold

one of the goals of smart grid is basically to do this with no active human involvement. like it makes sense from the utility's point of view to think in terms of (e.g.) "we're having load issues and there are 3000 active washing machines in this area of our grid. send some staggered delays between the rinse and spin cycles to reduce load" or whatever. but there are so many potential problems with technology like this, both practical and ethical. on the practical side it's going to cost a fortune to integrate extra chips and code into appliances in order to do this stuff with any kind of reliability. and on the ethical side it's just a huge tangle of problems in tons of different areas, such as privacy, due process, and discrimination

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

i think the ideal situation is where each device is coded to use an interoperable standard. this standard would expose all smart-grid functions to the resident and let them configure which actions to take in various scenariahahahah. sorry, i am skeptical that any consumer protections for this stuff will be rolled out until after everyone is hooked up to it and several major scandals have happened. im even more skeptical that appliance manufacturers, smart grid tech companies, and utilities will not use this as an excuse to build monopolies through patent licensing and other types of exclusivity deals, especially in America

it would honestly be pretty nice if (e.g.) i could get a utility discount by setting my dishwasher or clothes washer to a mode like "i need this done but ill be gone for the next 6 hours" and the machine would talk to the grid to schedule a time. but with the general state of iot crap and Trump becoming president in 3 days i don't see how anything good will come of it for years

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Chalks posted:

To be fair things like hybrid/electric car chargers are a really good example of how this tech could be used. They're almost always going to need charging over night and you could stagger the charging with a networked system so that you don't get a million electric cars drawing power at 6pm.

imo this is a good example of a social problem that is created by smart-grid. if total rollout of a smart grid system means all residential electric customers are forced onto plans with peak-hour incentives, this could very easily impact people of lower socioeconomic status disproportionately. like here with car charging, the typical time of day that an American automobile is sitting at home is heavily dictated by class: people who are lower-middle-class or lower are much more likely to work evenings and nights than people of higher economic status. thus without government policies (or good labor contracts, but lol on that in trump's america) that make it so these shift-workers have access to chargers at work, or like some subsidies for people to get home power-banks similar to that one tesla product, peak-hour incentive rules could quite easily push unnecessary cost onto people just because they are a nurse or whatever. i know my little scenario here rests on silly assumptions such as "electric cars will actually be commonplace at some point before climate change kills us all", but i would bet money that something like this will definitely happen in a smart grid world

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

BangersInMyKnickers posted:

its cheap poo poo by design but with the short range of the wireless signalling network and a plethora of manufacturers and models being rolled out all over the place the likelihood of a single wide-spread impact isn't that high.

do you really think it is likely that all those devices will use different chips and totally unique custom software stacks? even across different manufacturers i would (again) bet money that we are going to see the exact same poo poo we've been seeing for years now in consumer routers and iot crap: they will all use cheapo misconfigured software stacks full of old non-updated FOSS stuff written in unsafe languages like C. "oh but the protocol is pretty limited"! sure that's great but even if it's very locked down, it will mean jack if these devices have any alternate communication modes, or if other devices (like laptops or iot crap) have the ability to talk to the appliances via that protocol, because then all it will take is someone to discover a flaw in the 7-year-old version of linux that all these things are running, or a misconfiguration that exists across the software stacks of the 3 most popular smart-grid middleware providers. and on that point, i have a hard time believing that appliance makers can resist the temptation to add in features like "manage your kenmore appliances from ANYWHERE IN THE WORLD with the kenmore app!" and bolting on some kind of wi-fi interface which is of course then managed by the same main CPU/SoC that also does the locked-down smart-grid protocol stuff

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

OSI bean dip posted:

this wouldn't be the first time a soda company has hosed around in latin america

:(

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

infernal machines posted:

teslas are basically just a bunch of networked ubuntu vms, and i'd be curious to know if gm onstar systems are meaningfully firewalled from the ecu in any way

i was a kid when onstar came out. i didn't know anything about bep bep security then, but i remember seeing the tv ads and being really creeped out that some office drone can see where your car is and unlock the doors and everything

why yes, i am typing this post from my smartphone

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

ate all the Oreos posted:

is there not a noscript for IE

don't encourage him

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Shaggar posted:

disabling javascript or whitelisting urls isn't the same thing as trust

how is this distinction significant, in terms of implementation and appearance to end users? how would code signing in the absence of both whitelisting and js-disabling bring any benefit to the user, beyond the ability to know if the JS files have been tampered with server-side?

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Shaggar posted:

Code signing and whitelisting of signers or specific files is more granular than url based trust and is more flexible since its transport/url independent. tamper proofing becomes critical if you're talking about transport independence and its a good idea anyways since who knows whats in between the client and the server. code signing provides protection against things like AV that sticks the same root cert into the trust store of every installed computer or china mitm your traffic while you're visiting.

i mean i guess if you've solved the halting problem

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Shaggar posted:

I'm talking about whitelists for signers and specific files, not chaining back to roots which would be pointless for code signing.

so every site is going to have one+ unique code signing cert? hang on, get the chrome team on the phone, i'm sure they'll start on this first thing tomorrow :laffo:

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Subjunctive posted:

every site has a unique TLS cert, today

signed scripts used to exist in Netscape and IE; I presume Shaggar is familiar with the drawbacks of those approaches

nah but shaggz is talking about ones that don't chain to an authority. so the browser would then need zillions of certs for it to be useful, right?

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

ate all the Oreos posted:

did you check to see if clicking the button again gave you another :20bux: because lol

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

the suspense is killing me :f5:

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!


beautiful

e: lol

https://mobile.twitter.com/paaleksey/status/833355010637455367

Lutha Mahtin fucked around with this message at 16:58 on Feb 20, 2017

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Thanks Ants posted:

if your phone usually only required a fingerprint to unlock past the first boot/period of non-use, but if it were possible to 'hey siri' it into a state of requiring a pin/password again, would that legally count as obstruction?

as an american, i hope that this administration at least gives us a supreme court case with the title Trump v. WeedGoku666

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

another quote from the ibm thing

quote:

Customers should have received a security bulletin for this. I was told that a security bulletin would not be posted for this incident or cloud security incidents in general, but if I were a paying customer, I would absolutely want to hear it from the company itself and not some stupid tech blog.

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

anthonypants posted:

not only is it still supported, it's the only browser in the windows 10 long-term servicing branch, indicating that there are no long-term plans or goals for microsoft edge

this is one of those posts where i genuinely can't decide if it's sarcasm or not

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

redleader posted:

crypto is kinda voodoo to me. is there a tldr on this for an idiot anywhere? could this detection be bypassed?

the tl;dr is "math"

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Linoos posted:

But if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice.

uh huh

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

the bold part was in his original btw

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

i would really like to know what the honest internal feelings are of the cloudflare guy who raged at tavis about being blocked lol

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!


i physically rofl'd irl

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

When Amazon's cloud storage fails, lots of people get wet

i think i found the perfect cloud2butt headline

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

pr0zac posted:

teen vogue droppin that legit security knowledge

http://www.teenvogue.com/story/how-to-keep-messages-secure

"naise" unironically

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

fart touching

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!


hehe funny smileys. wait

quote:

(\/) (°,,°) (\/) WOOPwoopwowopwoopwoopwoop!

japan loves futurama???!?!?!

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

anthonypants posted:

that's the juggalo noise

dude it is clearly zoidberg

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

sounds more like...shitium

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

anyone use the Firefox sync feature? supposedly it works the same as a good password manager, where mozilla can't look at your data, but i never investigated it fully :effort:

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

bump_fn posted:

hey sec thread how easy would it be to make a USB "charging" station that compromises every device that gets plugged into it because this is what I assume every USB port charging station is

i think the difficulty level would depend a lot on how long you wanted it to be effective. if it was something you set up at a big event with lots of people walking around, where it's only active for a few hours/days, that wouldn't be super hard. but if you wanted it to be active long-term, you'd need some way to keep it updated with new vulnerabilities

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Zero One posted:

It's Citi.

Not sure why I felt the need to protect them (to be clear I don't work for them, they are just a vendor for us).

i want to know how unique each authenticator is :allears:

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

a lot of yosposters are fans of the NaCl crypto library, so i was reading up on it. the papers describing their thought processes in designing it are pretty cool, and i think the papers are readable by even novice programmers. but then i went and poked around the NaCl website and found the installation instructions...

quote:

NaCl works on a wide variety of UNIX-like systems, including Linux, BSD, Solaris, etc. Here is how to download and compile NaCl:
code:
     wget https://hyperelliptic.org/nacl/nacl-20110221.tar.bz2
     bunzip2 < nacl-20110221.tar.bz2 | tar -xf -
     cd nacl-20110221
     ./do

:thumbsup:

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

extra laughs if the guy's last name is "adams" or some other famous douglas

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

anthonypants posted:

they caught silk road kingpin ross ulbricht at a public library while his disk was encrypted and he was caught with a bunch of unencrypted mycrimes.txt documents

no, his mycrimes.txt were encrypted with FDE. that's why they nabbed him at the library. they wanted a place where both (a) he had the computer on, encryption password activated, screen unlocked, and (b) where they could sneak up behind him, cause a distraction, and snag the machine from him while it was in the unlocked state

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

did somebody deface his site yet

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

hes basically an internet superhero

but real

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Soylent Pudding posted:

Why is the register considered a bad source? It actually was a recommended source from one of my security professors.

i don't know if they are bad overall, but they are deffo born and bred on garbage UK tabloid style

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

fishmech posted:

i wonder how many ATSC market TVs have DVB support implemented anyway, and can have a DVB signal forced onto a normal ATSC channel to do the exploit

what does your heart tell you

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

my intuition was that tvs were designed with lowest-bidder support for all major broadcast standards in order to sell the same tv worldwide. it's not something i read up on though, i just based it on helping family members set up their tvs and seeing mention of DVB things in manuals and on-screen UI stuff

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Subjunctive posted:

like opera can sell anything

:thurman:
