arclightNov 28, 2024

I picked up a nice four probe wireless thermometer today. The big advantage is a long-range base station with an actual display and controls that work without a phone app. I tried to connect their phone app to the actual device and it wanted me to set up an online account.

No.

Let me make this real fucking clear: THERE IS ABSOLUTELY NO GOOD REASON THE INTERNAL TRMPERATURE OF THE TURKEY IN MY OVEN NEEDS TO BE SHARED WITH A SERVER OUTSIDE MY HOUSE. NONE FUCKING WHATSOEVER.

"What harm is there if...?"

Wrong answer. This information is not relevant to anyone but me. Not every moment of my life, not every data point around me needs to go beyond my property line. This telemetry does not need to exist and it's taken for granted that it should by people who do not act in my interest.

Show threadarclightNov 28, 2024

It's not paranoia, it's just basic autonomy and privacy. No, seriously, nobody besides this household's residents need to know the temperature of food in this house. This shouldn't be a controversial stance, much like nobody besides the phone owner has any need to know the geographical coordinates of their phone. Heresy!

If your hardware device doesn't work without an app or the cloud, it's junk, full stop. Full. Fucking. Stop.

Show threadarclightDec 2, 2024
I recently wrote the phrase "meat thermometer attack surface" and it reinforced to me that I have no regrets leaving system administration to return to nuclear safety analysis. There's something comforting working on problems that don't have as their root cause "Someone upstream is a greedy little remora."
Show threadTim W RESISTSDec 2, 2024

@arclight @AMS I'm a little surprised nuclear safety doesn't have those problems. Maybe just not yet since most of the reactors are so old? Or people are mostly afraid enough not to fuck around and find out? (Barring the various examples where that HAS happened of course.)

Also: meat thermometer attack surface is a bitchin' band name.

Show threadclacke: exhausted pixie dream boy πŸ‡ΈπŸ‡ͺπŸ‡­πŸ‡°πŸ’™πŸ’›Dec 3, 2024

@tim The secret to nuclear safety from corner-cutting by greedy bean counters: Regulation.

@AMS @arclight

Show threadarclight
@clacke @AMS @tim Good regulation is essential but that's only one layer of defense. A huge part is orgazational mindset - developing and maintaining Safety Culture throughout the organization. There has to be psychological safety for people to speak up when they see something that isn't right (either unusual or nefarious), you have to see that concerns are acted upon. There's a lot of transparency (enforced by regulation), it's not perfect but it's so much better than any other industry I've worked in.
Dec 4, 2024 at 1:11pmWeb
Show threadarclightDec 4, 2024

@clacke @AMS @tim Here's the year in Licensee Event Reports https://www.nrc.gov/reading-rm/doc-collections/event-status/event/2024/index.html These are usually lost or stolen test and measurement equipment, medical issues (over/under dose, UPS lost a box of radiopharmaceuticals), and unexpected reactor trips. For a while there were a lot of "controlled substance found in protected area" reports from utilities finding bottles of vanilla extract in the control room operators' kitchen (it's 90% alcohol and edible so it's technically not allowed).

One of today's reports had inconsistent results from a drug testing lab - my guess is one of the (positive) control samples came back negative. You'd have to send the lab known positive and negative samples to independently verify their tests were accurate. The report cites chapter and verse of the Code of Federal Regulations involving drug testing at nuclear facilities and reporting requirements.

Occasionally you'll find reports of QA or training records being forged to meet schedule and people getting fired or banned from the industry. It doesn't happen often but it does happen. Not sure how it's enforced but you can behave badly enough that the NRC prohibits you from working in certain areas. It's like the SEC banning convicted fraudsters from trading securities or acting as a company director https://www.sec.gov/newsroom/press-releases/2024-186

Show threadclacke: exhausted pixie dream boy πŸ‡ΈπŸ‡ͺπŸ‡­πŸ‡°πŸ’™πŸ’›Dec 5, 2024

@arclight What can we do as a society to ensure that safety-critical functions are run by organizations with a responsible mindset?

Regulation needs to be such that it's easier (more profitable) to do the right thing than to circumvent the spirit of the regulation.

I work in a bank, and the regulators there very much do not leave it up to the individual organization.

@AMS @tim