Jump to content

Light at the end of the chip shortage.....hope this is true....


Recommended Posts

2 hours ago, jpd80 said:

it would help immensely if leaders of critical infrastructure would get their act together and strengthen access to their sites. Two step authorisation is a pain but it seems to stop a lot of scammers in their tracks.

 

I work in Cybersecurity and the issue is just funding and getting people to buy off on it...heck I work for a branch of the DOD and its been a major challenge to get leadership to buy off on things. 

 

There are alot of things companies can start doing, but it all involves costs of support and IT is often viewed a non profit center and is starved of funding because of that. 

 

Its the old spend $100 to stop an attack that costs $1 for the attacker to do.

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

3 hours ago, paintguy said:

Hard to separate out, as these nations appear to make little effort to stem these gangs. Add that to the fact that foreign companies in these countries operate as partnerships with approved local companies. Don't see that in the US. Gives the impression that in these "Iron Curtain" countries nothing happens without government knowledge. 

That may or may not be so as ransomware seems like a small time criminal endeavour in a dysfunctional political system where as  state sanctioned malicious acts tend to be more outright  crippling of infrastructure with no demand for payment 

Edited by jpd80
Link to comment
Share on other sites

2 hours ago, jpd80 said:

That may or may not be so as ransomware seems like a small time criminal endeavour in a dysfunctional political system where as  state sanctioned malicious acts tend to be more outright  crippling of infrastructure with no demand for payment 

Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors.  They do it because they can get away with it.

  • Haha 1
Link to comment
Share on other sites

3 hours ago, slemke said:

Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors.  They do it because they can get away with it.

Or, just make your computers more secure by a few simple things and then, the problem goes away….

Link to comment
Share on other sites

5 hours ago, slemke said:

Time to put pressure on the “dysfunctional political system” to crack down on the criminal endeavors.  They do it because they can get away with it.


HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

 

Oh man that's a good one. 
 

You can't expect the system to change anything when they don't even follow their own rules

  • Like 1
Link to comment
Share on other sites

5 hours ago, jpd80 said:

Or, just make your computers more secure by a few simple things and then, the problem goes away….

Easier said than done.  Some of the problems are baked into the architecture.  The folks will just move on and find the next vulnerability.  It’s a never ending game of one up man ship.  As Silversvt stated, spend $100 to ward off an attack that cost $1.

 

In the end, it will be a combination of tighter computer security and government crackdown on the criminals.  As Fuzzy eloquently stated that’s not likely to happen in Russia, China, Iran, etc anytime soon.  Only if it benefits them will they do anything about it.

  • Like 1
Link to comment
Share on other sites

13 minutes ago, slemke said:

Easier said than done.  Some of the problems are baked into the architecture.  The folks will just move on and find the next vulnerability.  It’s a never ending game of one up man ship.  As Silversvt stated, spend $100 to ward off an attack that cost $1.

 

In the end, it will be a combination of tighter computer security and government crackdown on the criminals.  As Fuzzy eloquently stated that’s not likely to happen in Russia, China, Iran, etc anytime soon.  Only if it benefits them will they do anything about it.

 

The issue is that too many people don't understand Risk assessment-You can tighten up your security based on the threat (educate your users on basic cybersecurity, etc) and cover 80-90% of the threat instead of chasing down 100%, which is impossible. Better to be good then perfect and the only thing you have to worry about are Black Swan style events then. 

 

But the bigger issue is that you need to get a baseline first and identify your weaknesses first. 

  • Like 2
Link to comment
Share on other sites

7 minutes ago, silvrsvt said:

 

The issue is that too many people don't understand Risk assessment-You can tighten up your security based on the threat (educate your users on basic cybersecurity, etc) and cover 80-90% of the threat instead of chasing down 100%, which is impossible. Better to be good then perfect and the only thing you have to worry about are Black Swan style events then. 

 

But the bigger issue is that you need to get a baseline first and identify your weaknesses first. 

Also, the issue is larger companies and those with a lot to lose should be doubling down on security.

Link to comment
Share on other sites

18 hours ago, silvrsvt said:

 

I have a friend who sells stone to contractors and he was saying the same thing about masonry...they are about two months out from running out of things. 

 

Stuff that only took 2-3 days to get is easily doubling that now and selection is limited. 

 

This summer should be interesting on how shortages play out. 

 

All new home construction completion has stopped here because of lack of electrical wire. In a normal year over 2,000 homes are built in this area of Central FL. Now none. Big blow to local economy.

 

On a good note, Mullinax Ford has taken delivery of at least 100 new Fords in last 2 weeks and inventory has grown modestly. Mostly FSeries, Escape, and BS.

Link to comment
Share on other sites

1 hour ago, jpd80 said:

Also, the issue is larger companies and those with a lot to lose should be doubling down on security.

 

Local University of Florida Shands Hospital System was hacked couple weeks ago and everything is now done by paper and pencil until further notice. 

  • Like 1
Link to comment
Share on other sites

1 hour ago, jpd80 said:

Also, the issue is larger companies and those with a lot to lose should be doubling down on security.


There are 3 basic levels of IT security.

 

Network (firewalls) - denies access and limits scope of access

System (OS) - denies entry if they do manage to get network access

Application - limits what they can do if they get into the system.

 

Seems to me infrastructure controllers would be fairly static.  I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability).  This is pretty easy to do in the cloud but can also be done with hardware.

 

It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder.

 

The question isn’t can they get in.  The question is when they get in what are you going to do about it.

  • Like 3
Link to comment
Share on other sites

9 minutes ago, akirby said:


There are 3 basic levels of IT security.

 

Network (firewalls) - denies access and limits scope of access

System (OS) - denies entry if they do manage to get network access

Application - limits what they can do if they get into the system.

 

Seems to me infrastructure controllers would be fairly static.  I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability).  This is pretty easy to do in the cloud but can also be done with hardware.

 

It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder.

 

The question isn’t can they get in.  The question is when they get in what are you going to do about it.

Perhaps critical infrastructure should not be linked to the internet but to its own intranet with no actual

connection to the outside world but the problem remains with need for remote login for employees.

  • Like 3
Link to comment
Share on other sites

46 minutes ago, akirby said:


There are 3 basic levels of IT security.

 

Network (firewalls) - denies access and limits scope of access

System (OS) - denies entry if they do manage to get network access

Application - limits what they can do if they get into the system.

 

Seems to me infrastructure controllers would be fairly static.  I would have a clean copy of the app on standby (powered down/off the network) so that you could effectively just wipe any compromised systems and start over (hopefully after identifying and fixing the vulnerability).  This is pretty easy to do in the cloud but can also be done with hardware.

 

It can also be done with transaction processing systems with a lot of real time data updates but it’s much harder.

 

The question isn’t can they get in.  The question is when they get in what are you going to do about it.

 

You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have an security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job.

 

You would be surprised on how many of these hacks are not buy exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in.

  • Like 5
Link to comment
Share on other sites

9 minutes ago, jcartwright99 said:

 

You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have an security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job.

 

You would be surprised on how many of these hacks are not buy exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in.

Our weakest link was managers.  Doing stupid stuff with emails.  Everyone else did the training too but complied.  

  • Haha 1
Link to comment
Share on other sites

15 minutes ago, jcartwright99 said:

 

You can't forget people. Education is key. You can have the most secure infrastructure in place but a phone call or email to a gullible employee can be your weakest link. We have an security team that randomly "tests" people. You fail a few of those tests, you get no bonus. If you get fooled again, out of the job.

 

You would be surprised on how many of these hacks are not buy exploiting infrastructure security, more exploiting the weakness of employees. It's all over once they are in.

 

At another job I worked at, we had a plugin for Outlook that you could report phishing emails with. They used to send out fake emails to test employees everyone once in a while. The site I was at did pretty well, but I'd also used to brief new employees and gave Phishing email and other security classes to the people there. Plus we had just under 100 employees, so it was simpler to keep track of them and alot of them (they where assemblers for electronics) didn't even use their emails at their terminals LOL. 

  • Like 1
Link to comment
Share on other sites

 Back in the 90s my buddy saw a developer was surfing porn in the office (on the router).  It wasn’t a big deal back then so he just went to him and said no big deal just don’t do it any more.  He denied it.  My buddy said look we know it was you (by the IP address) but he continued to deny it.  He said you can’t prove it!

 

My buddy called his boss and said fire him.   For surfing porn?  No for being an idiot.

  • Like 3
Link to comment
Share on other sites

On 6/11/2021 at 2:30 AM, jpd80 said:

 Or, just make your computers more secure by a few simple things and then, the problem goes away….

Those days have long past. If you're an interesting target, you have to do many, many complicated things to properly secure yourself.

Link to comment
Share on other sites

In Farley's most recent statement, he said he doesn't expect the chip shortage to significantly improve until 2022 and even then Ford is NOT going back to the old business model of over producing and then offering big rebates to move product. However, I will believe that when I see it. Old habits are hard to break. Ford though is enjoying the higher transaction prices. 

  • Like 1
Link to comment
Share on other sites

4 hours ago, FordBuyer said:

In Farley's most recent statement, he said he doesn't expect the chip shortage to significantly improve until 2022 and even then Ford is NOT going back to the old business model of over producing and then offering big rebates to move product. However, I will believe that when I see it. Old habits are hard to break. Ford though is enjoying the higher transaction prices. 

 

Ford do not operate in a bubble. To the extent that they are obligated to compete for a sale, they will return to (big) rebates. To the extent that the product offering is unique, perhaps they can mitigate their participation.

  • Like 1
Link to comment
Share on other sites

4 hours ago, FordBuyer said:

 Ford though is enjoying the higher transaction prices. 

 

As has been explained many times, Ford does not sell direct, they sell their products to their dealers. So, other than the elimination of rebates and PCO's, how is Ford directly benefiting from higher ATP's?  Isn't it the dealerships that are benefiting from selling at MSRP or adding ADM's?   Or is Ford raising the invoice prices that the dealers pay for the vehicle?

 

HRG

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...