Thursday, April 9, 2009

US electrical system hacked by enemies

Yesterday the WSJ kicked up a storm with a front page article stating the US electrical grid computers have been infiltrated by spyware and trojan horse malware, sent by URLs located in Russia and China. The article went on to warn that in case of war, enemy nations would be able to turn out the lights all over the country. Or even worse, disable automatic protection systems and cause equipment to self-destruct. Just turning out the lights can be life threatening in heating season. Damaged heavy equipment can take years to replace.
To be that vulnerable requires three blunders by utility engineers. First is excessive automation, too many unmanned plants, remotely controlled. Second is connection to the public internet, and third is using Windows computers.
For instance, I know of a remote controlled gas turbine generator in Peabody MA. They turn it on, and turn it off from a control room located miles away. Proper design would route the control signals over a private line, say a fiber optic line hung off the power poles. That way, a malicious hacker has to climb a pole, and splice a tap into a glass fiber with the wind whistling past his ears. Not so comfy as working a mouse in the comfort of an air conditioned computer room.

If the utility bean counters forced engineering to use the public internet, 'cause it's cheaper than stringing a few miles of fiber optics, then the system is vulnerable. State utilities regulators ought to check on this sort of dangerous cheap cut. As a rule, no connection to the public internet should be allowed for any operational systems.
Second rule, never use Windows for any industrial control system. Windows is not real time. It will not service interrupts while other programs are running. Should a program lock up (fairly common), interrupts are locked out and emergencies like fire, overheat, over current, over speed, name-your-own-disaster will not get serviced. Plus, Windows is a server operating system with dozens of external entry points that allow remote users to request the "load and execute this program" service. Windows is so eager to serve that any teen aged hacker can take it over and make it do anything he wants. No experienced engineer would ever entrust anything important to Windows, but the company bean counters might force him to. Windows computers, despite their many flaws, are still the cheapest way to go.
Bottom line. It ain't hard to make the electrical grid immune to hackers. It won't cost all that much, compared to the price of a couple of new generating plants. Public utility commissions should enforce the rules against use of the public internet and the use of Windows.

Wednesday, April 8, 2009

The ghost of Computer Associates EZ Trust anti virus

A blast from the past. Now when the kid's laptop boots up, it whines that EZ Trust antivirus is out of date and your computer is at risk, and the sky is falling. Back when the kid's laptop was new (maybe five years ago) EZ trust was the family anti virus, mostly because it had a cute picture on the box and was cheaper and less flakey than Norton. We gave up on it when it failed to update after a year, even after charging my Mastercard for a new year's subscription. Then the maker, Computer Associates got into some dreadful scandal that made the Wall St Journal.
So, five years later, some trace of the old antivirus is still lurking in the depths of the hard drive and the registry. A google for "EZ Trust Registry" brought up a raft of hits several of which gave good clear instructions for cleaning EZ Trust off for good. There were nine disk files to delete and a couple of registry keys. Some of the disk files were in use, and Windows Explorer refused to delete them, but a trick file zapper (GiPo_Moveon_Boot) took care of that. I made several passes with regedit looking for "virus" and "EZ Trust" and deleting every key that referred to EZ Trust. There were a lot of them.
Next I tried to go on line to make this blog post. Arrgh, Internet is dead. I reseated the network cable, power cycled the cable modem, and futzed around. Then I tried a "repair connection" option inside Internet Explorer. Bingo, pay dirt. IE reported a layer in the network stack with an EZ Trust name was bad and would it be OK to remove it? I quickly clicked "yes" and everything started working. In fact the computer is livelier than before.
Lessons learned. Antivirus programs suck up ridiculous amounts of CPU time and burrow deep into Windows. They don't remove cleanly, you have to clean up after them.

A mouse in the house

After getting the kid's old laptop to play, I needed a real mouse. The usual laptop built in thumb pad is a pain to use, and this one was getting flakey, it occasionally left clicked all by itself with unfortunate consequences, like accidental file deletion. So I grabbed the mouse off the dying desktop. No go, laptop doesn't have a mouse port to plug it into. All it has are USB ports.

USB was supposed to replace the keyboard port, the mouse port, the speaker & mike ports, and the printer port thus saving five electrical connectors on the back of the laptop. One trouble with this plan. USB doesn't work until Windows boots all the way up. If for some reason Windows croaks, your keyboard is dead, making it impossible to boot from a recovery disk, program the BIOS, run diagnostics, and in general try to fix the problem. Lesson learned. Don't buy a desktop that lacks a real keyboard port.

Anyhow, the old standard mouse won't plug into USB, I needed a USB mouse. So off to Staples (the only vaguely electronicky place up here) to buy a mouse. Staples had a regular mouse house with a dozen different mice. I settled for the cheapest $15 mouse from Logitech. I passed on the fancier wireless mice costing as much as $99. Plugged in the new rodent and lo and behold, it works. Windows carries the code to work USB mice as well as standard mice, and Logitech had followed the standards closely enough for its mouse to work with Microsoft's software.

Next step, read the instructions, printed in English, French, Spanish and Lower Slobbovian. The instructions promised a mouse powered orgy if only I would download Logitech's mouse driver package. Being somewhat stupid, I Firefoxed out to the Logitech website and looked for the driver. Logitech has been making mice for many years, and the download page offered pictures of about 100 different mice. Just pictures, no part numbers. On the internet all mice look alike. I began to doubt the wisdom of proceeding when I found out the driver (Setpoint 4.72) was a 52 megabyte file. That's bloatware supreme for a mouse driver.
Doubt rose higher as the install took a good 15 minutes. After the install finished the laptop slowed down. A lot. Bad sign. Plus, all that Setpoint 4.72 offered was to switch the left and right mouse buttons, not something anyone in their right mind wants to do. So, bring up "install and remove programs" and try to remove the mouse driver. All that did was cause failure messages saying the driver could not be removed until Windows had been rebooted. Arrgh.
At least, the reboot worked, I was able to blow Setpoint 4.72 into the big bit bucket in the sky.
That's the last mouse driver I'm ever gonna download.

Monday, April 6, 2009

Porting Thunderbird

Computer started dying last week. It had enough life left to back stuff up to CD before giving up the ghost. Luckily I had a spare computer, in fact, several of them, laptops abandoned by the children when they bought new. There was an HP unit that seemed to have a bit of life left in it. It was sluggish and out of disk space, but after removing a zillion games, Dragon Naturally Speaking, and running Windows Update for hours and hours, it became much more usable.
So, mission for the day, get my back email, my address book, my filters, and signature block off the CDs and into Thunderbird on the new machine. Thunderbird wants to serve multiple users, keeping each user's email and address books separate. To make this happen, Thunderbird keeps everything associated with a user in the user's private file space. So, with Explorer, cruise out to the C drive Documents and Settings/your_own_name/application_data/Thunderbird. Sometimes "Mozilla Thunderbird".
Go down one more level to "Profiles". On the old machine, copy "profiles" and all its subdirectories out to CD to make the trip to the new machine. Under "Profiles" there will be one, maybe more, directories with computer generated names. If just one, you have found it. If more than one, you have to find the one containing your up-to-date stuff. Check the date stamps inside the directories or look inside a file profiles.ini in the "profile" directory.
On the new machine, install Thunderbird, and examine the "profile" directory it creates afresh. You should be able to now copy the computer generated name sub directory off the CD and into the new "profiles" directory, edit the file pointer in the "profiles.ini" file to point to the newly imported subdirectory and be done with it.
For some reason this didn't work. Each time I tried it, Thunderbird would get sick and refuse to start. The winning strategy is instead to copy the important files off the CD and into the newly created computer generated name directory. File abook.mab is your address book. Your various mail pouches (inbox, trash, sent, etc) are represented by pairs of files e.g. inbox and inbox.msf. You now copy the pairs of files off the CD onto the hard drive. Be sure to get msgfilterRules.dat off the CD if you use message filters.
After four hours of trial and error I got my old address book, with its mailing lists, barrels of old mail, and all the message filters up on the new machine. My tricky signature file with a pointer to this blog got lost somewhere, but the rest of the stuff works. The message filters needed editing of their target mail pouch after the move.
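
The selective copy described above, as an added example that is not part of the original post: it reads profiles.ini to find the profile directory, then copies only the address book, the filter rules and the mailbox/.msf pairs into a freshly created profile, leaving settings files such as prefs.js behind. The profile name `abcd1234.default`, the `Mail/Local Folders` layout and the file contents are constructed sample data, and the script assumes Thunderbird is closed on the new machine while it runs.

```python
import configparser
import shutil
import tempfile
from pathlib import Path

KEEP = {"abook.mab", "msgfilterrules.dat"}  # compared lower-case

def find_profile_dir(thunderbird_dir):
    """Resolve the profile directory named in profiles.ini."""
    root = Path(thunderbird_dir)
    ini = configparser.ConfigParser()
    ini.read(root / "profiles.ini")
    profiles = [ini[s] for s in ini.sections() if s.startswith("Profile")]
    if not profiles:
        raise FileNotFoundError("no [ProfileN] section in profiles.ini")
    chosen = next((p for p in profiles if p.get("Default") == "1"), profiles[0])
    path = Path(chosen["Path"])
    return root / path if chosen.get("IsRelative", "1") == "1" else path

def copy_mail_data(old_profile, new_profile):
    """Copy address book, filter rules and mailbox/.msf pairs only."""
    old, new = Path(old_profile), Path(new_profile)
    copied = []
    for f in sorted(p for p in old.rglob("*") if p.is_file()):
        has_index = f.with_name(f.name + ".msf").is_file()  # mailbox file
        is_index = f.suffix.lower() == ".msf" and f.with_suffix("").is_file()
        if f.name.lower() in KEEP or has_index or is_index:
            dest = new / f.relative_to(old)
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest)  # copy2 keeps the original date stamps
            copied.append(f.relative_to(old).as_posix())
    return copied

def build_sample(root):
    """Constructed old-machine layout; names and contents are made up."""
    tb = Path(root) / "Thunderbird"
    prof = tb / "Profiles" / "abcd1234.default"
    (prof / "Mail" / "Local Folders").mkdir(parents=True)
    (tb / "profiles.ini").write_text(
        "[Profile0]\nName=default\nIsRelative=1\n"
        "Path=Profiles/abcd1234.default\nDefault=1\n")
    for rel in ("abook.mab", "prefs.js", "Mail/Local Folders/Inbox",
                "Mail/Local Folders/Inbox.msf",
                "Mail/Local Folders/msgFilterRules.dat"):
        (prof / rel).write_text("constructed sample")
    return tb

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        old = find_profile_dir(build_sample(tmp))
        print(copy_mail_data(old, Path(tmp) / "new_profile"))
```
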

A Model Sunday

The Ammonoosuc Valley Railway Association has a modular HO layout. We accepted an invitation from the Lebanon Train Show to bring the layout to the show. So, the clock radio starts yakking at me to get up at 5:30 Sunday morning. It's still dark. And snowing. Had to brush 1/2" of the white stuff off the car. Global warming at work. Got down to Lebanon at 8 and the rest of the club plus the trailer full of layout all arrived just about then. It being mud season, we couldn't back the trailer up to the back door, it would have sunk. Everything had to be hand trucked in the front door and down the corridors to the show room. Good thing they put in those wheelchair ramps, they are much easier to get up with a hand truck than the front stairs.
They let the showgoers in by 10. We had the layout mostly running by 10:30. We gotta get a new level, the one in the club tool box reads different amounts of tilt depending upon which way up you set it.
Had a fair turnout on the customer side, a little lighter than on the dealer side. I shopped around and picked up some minor stuff. I looked at structure kits for a hundred dollars, (too pricey for me) found some decals, some rolling stock, and called it a day. By the time we got the layout taken down and drove home it was 6:30. Time for a fire and a drink.

Thursday, April 2, 2009

What does Fox News have against Mark Gettlefinger?

Glenn Beck (and others) have been calling for Gettlefinger to be fired just like Rick Wagoner was.
But why? Gettlefinger's job is to extract the most possible money from the auto companies for his UAW workers. He's been quite effective at it. With the auto makers teetering on the verge of bankruptcy, Gettlefinger's UAW has made some concessions. The concessions probably aren't enough, yet, but Gettlefinger's job is to keep his people's paychecks and fringe bennies up, not to save GM or Chrysler. Just 'cause he can play harder hardball than the GM weenies, doesn't make him a bad guy.

FASB Folds

The Federal Accounting Standards Board (FASB) repealed the mark to market rule today. Wall St loved it. The Dow jumped better than 200 points, and nearly broke thru 8000. Abandoning mark to market means banks can carry worthless (nobody will buy them) assets at the price they paid for them. Presto, chango, zillions of dollars worth of mortgage backed securities can now be carried at whatever the bank wants to call their value, rather than their true market value. Toxic assets just got fumigated.
Remind me never to buy stock in any financial institution.
Big question. Will the banks believe the new plumper balance sheets? The banks have been whining since September that nobody will loan to them. Probably because everybody with money to loan fears the bank will go broke before they get their loan paid back. The fears, fueled by things like Lehman, center around the question of how much money does Bank X have in the vault to pay off depositors who make withdrawals. By law the bank is supposed to have 10% of depositors' funds in the vault, preferably in cash. Due to continued bank whining over the years, the requirement for cash has been weakened, and "liquid assets", say mortgage backed securities and credit default swaps, now count as reserves. If a bank fails to pay out cash to depositors upon demand, it's broke. Word gets around and all the depositors run down to the bank and withdraw every penny, that is fatal to banks. Lenders to banks are worried that the bank might go poof just about any time.
Knowing that the bank reserves can be largely toxic unsellable assets isn't going to calm nervous lenders. Who probably won't lend.