Posted on 05/11/2021 5:46:06 AM PDT by Presbyterian Reporter
This is crazy. I stopped for gas just now having no idea what was happening. It’s out. People here told me they’d been to other stations and found the same. pic.twitter.com/7LDVdUXPo4
At the enterprise level like Colonial, yup... but look upthread - you really want to try to explain failover systems to some of these people? :P
In the SMB world, backups with spare gear is still more common and fits both the reasonable requirements and the budgets.
“President Trump to be blamed in 3, 2, 1....”
They’re already blaming Trump and stating he and his “Trumpsters”, along with Putin, are happy about this to make Biden look bad. Divisional political BS once again in the midst of another possible crisis.
You can’t make this crap up. These morons don’t understand the ramifications of trucking, food and products. Unbelievable ignorance.
“Interestingly, the hackers posted a message on its dark web page that it would vet buyers of its ransomware in the future to “avoid social consequences.””
I’ve been thinking about that. I think they want to be like the mafia - keep their heads down, try not to draw enough attention to risk getting broken up or jailed, and simply make money.
However, they blew it with this company...and now they’re scared to death that people will be coming for them, to put an end to their little racket.
You would think that... and you would be wrong. Broadly, the only thing that is required in pipeline regulation is that automated systems *must* fail safe. That’s about it.
“Long lines are caused by panic, not supply.”
I would think that a lack of supply (as in this case) will likely lead to long lines too...unless I’m missing something.
What do you want to bet that a lot of their stuff is running Win2K or earlier?
“Then this is a single point of failure!”
What?? Not using a backup is not a “single point of failure”. I think you just heard that phrase and wanted to use it.
Eh. Varies greatly. Human stupidity is often ultimately responsible.
lol - fair enough :)
...today’s vehicles are a ticking time bomb. There’s zero industry effort to establish a chain of trust regarding all the vendors that provide software being integrated into them. Everyone focuses on things like ‘secure boot’. Brilliant. You’re just guaranteeing you boot the (factory delivered) compromised software.
At the enterprise level, no, modern failover systems are not a single point of failure.
I think SCADA and not SMB is more likely in play with pipelines. The problem with Colonial is that it seems their corporate systems got hacked and they failed to protect their downstream SCADA systems.
Any chance that you have knowledge of, “Ode to French Fried Shoes and Blue Hollyhocks”, 1960-1970s? I can’t find my copy!
;^}
The XJ6 is an especially fun beast to try to remote hack. It doesn’t even have a CPU - it is EFI, but it doesn’t have a discrete CPU. It has a big box with a boatload of transistors and it’s even partly analog. And it doesn’t have *any* way to talk to anything - the only way to change the mapping, settings or anything else is to take the box apart and break out the soldering iron.
“Everyone focuses on things like ‘secure boot’. Brilliant. You’re just guaranteeing you boot the (factory delivered) compromised software.”
Sadly, we just completed an RCA where we properly, securely, and with the utmost confidence booted a corrupted image, lots of times. No one thought to check the boot images for that corruption.
GasBuddy website down
“Error 503 Backend fetch failed”
Ah, SMB in my statement was “Small and Medium Business”. They still don’t do failovers much.
“you really want to try to explain failover systems to some of these people?”
It’s not a difficult subject. Simply put: A failover system is two or more systems that do the same function independently of each other so that if one fails the others continue.
Have you ever worked on safety certified software?
I’ve 35 years’ experience in software and 10 years in safety critical systems - sorry, when it comes to this sort of software most developers have no idea. It is inexcusable to have a single point of failure in a safety system. It is the very first thing you consider. An extension of safety requirements are security requirements.
...it seems you don’t consider this type of software or have experience in it. This is quite obviously a single point of failure - by definition. Somebody can encrypt your system and you’re powerless. It is a system requirement for this not to happen.
“They still don’t do failovers much.”
That’s where cloud came in. It could provide such functionality for cheap, but at the expense of other costs.
“Why is all this critical infrastructure accessible via the Internet? Where’s the air-gap? Why isn’t all this critical infrastructure on its own managed WAN, completely independent of Internet access?”
Very simple - the VP likes to pull up pipeline data to show off to his friends when he has parties at his house. Really no different than showing off his latest Tesla.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.