Do wrenches really need to be networked? Honest question
A network-connected wrench can be a component of process improvement or quality improvement.
Imagine network wrench situation:
“Ed, Jim is on door install duty today right? I thought so. The system threw an alarm for his work. The last two doors he’s installed were under-torqued by 50 lbs on each bolt. Head down to production line four where he is, and get him sorted out.”
Imagine non-network wrench situation:
“The FAA has grounded all Boeing 737 Max 9 jets today after a massive decompression event occurred on Alaska Airlines at 16,000 ft. The door plug blew out of the jet at altitude. United Airlines has reported, after inspection, loose bolts the door plug of several of its Boeing 737 Max 9 jets as it continues to inspect every one if its 79 jets in its fleet.”
Do wrenches really need to be networked? Honest question
The moment my wrenches at work need to be connected to WiFi so some bean counting manager can come lecture me about every nut and bolt I work on, is the moment I wheel my tool cart into the woods and setup a shack.
Prior generations likely said the same thing about putting video cameras in service bays. I know I said something similar if my employer ever required my fingerprints (for unskilled work). Yet both are commonplace today.
Also had them in my classrooms as a teacher and it was great. Not only was I able to close a door to help a single student, but it made a great thing to point to whenever kids were acting up! Lol
There’s no such thing as “unskilled work”. I’d no skill was required, why do you need to gave training to do it? Cooking burgers at McDonald’s? You need to know how long the burgers are to be cooked on each side. Stop calling certain jobs “unskilled”.
Yeah, pretending there’s no distinction is just stupid. Even from a leftist theory perspective, MDs don’t face the same struggles or need the same regulatory oversight to protect their rights as burger flippers.
Like, if they’re pissed at the term “unskilled” they’re welcome to propose an alternative but there’s obviously a meaningful difference.
Unskilled is a term bosses use to devalue a workers labor and value.
What is your acceptable term to describe “a level of competence most human beings have that an employer can spend a only a few hours of training with that person that the person will attend a level of acumen they can perform the job function” ?
Okay, how about “a level of competence most human beings have that an employer can spend a only a few hours of training with that person that the person will attend a level of acumen they can perform the job function.” Its kind of wordy, does that help?
So pressing the button on the timer built into the fryer, since the 70’s, is now skilled work?
There’s lots of unskilled work out there. I’ve done lots of it. From digging ditches to fast food to loading trucks and delivering parts.
None of those jobs require more than a few minutes of training, therefore “unskilled”. And fast food today is even more unskilled… Just follow the diagram in front of you. And you don’t make the burgers in fast food, they come in pre-made in boxes, usually frozen, and you load em up on the automatic cooking device (varies by company). I believe Wendy’s still grills their burgers, using a timer and a rotation methodology, so no skill rewuired.
Hell, even being a line cook is unskilled, and that can be a really demanding job from a time management perspective (I’ve been a line cook).
I’ve worked for the top 3 fast food places, a number of smaller restaurants, and a bunch of other jobs. I’ve had somewhere approaching 40 jobs in my life. Lots out there is unskilled.
“The FAA has grounded all Boeing 737 Max 9 jets today after a massive decompression event occurred on Alaska Airlines at 16,000 ft. The door plug blew out of the jet at altitude. United Airlines has reported, after inspection, loose bolts the door plug of several of its Boeing 737 Max 9 jets as it continues to inspect every one if its 79 jets in its fleet.”
What’s the ratio of boeing door decompressions to IoT devices being hacked?
So in other words, a dystopian nightmare where, for the sake of paying as low of wages as possible, corporations would rather use technology to oversee stupid employees instead of actually TRAINING and INCENTIVIZING actually qualified people.
Humans make mistakes with tools like this, and with the tracking systems.
BTDT with stuff completely unrelated but requiring verification and validation steps and initials. Mistakes will happen.
Having a tool that’s configured specifically and can document the torque applied for every bolt makes a lot of sense. I’ve assembled stuff with 30 fasteners and had to check and recheck torque, because, being human, it would be easy for me to miss one, or not read the rorque wrench properly (if using a bar type), or mis-set it if it’s a click type.
Nevermind the time it takes me to verify the value, set/check the tool, etc. It’s clearly about reducing errors with a repetitive task and providing a record of the torque values. The folks using these tools probably really appreciate it, I would, and the stuff I’ve done is trivial in comparison.
The only problem with this system is the lack of planning for proper security. Firmware update able remotely is just silly. Add in the number of vulnerabilities… Sheesh.
OK, remotely updateable could be useful, but it should require a long password and a cryptographic pin (like the old SecurID devices that generated a pin once a minute) that is managed by multiple people, and the devices should only permit updates from a specific piece of hardware on the company network (say a vendor supplied firmware update injector) that has a hardware ID. So when devices are on boarded they get paired with that device and maybe a secondary. So it requires a pairing process that can only be done with physical proximity, combined with device IDs and a password/pin pair that’s cryptographically generated, and managed by a system requiring at least two people to check out the password from the repository.
Hell, I just thought up all this on the spot. I’m sure others did too, and got shot down by management.
Follow up question, could the same metrics be captured without a network connection? An alternative might not be as user friendly as an IoT device, but for the last what decade? It seems like investment in IoT is investment in security vulnerabilities.
I know aerospace ≠ automotive but many years ago I worked in a shop and any time the wheels came off a vehicle the mechanic/tech torqued the lug nuts to spec, then a second person independently verified and re-torqued the lug nuts.
It seems like adding a network connection and all that goes with it also introduces additional points of failure, no?
While a second person would indeed reduce the number of issues, it’s still another human to fuck things up. What if the second person is lazy? Or they get tired of checking every door because “it’s never been off before, why would it be off now?”
Human error caused the issue in the first place, why are we assuming a human will always find and fix the problem on a second pass?
Human error caused the issue in the first place, why are we assuming a human will always find and fix the problem on a second pass?
I’m not sure why you should trust a piece of technology to be infallible.
I mean, if a networked tool can be hacked then should it be trusted to be accurate? How do you know it hasn’t been hacked and maliciously modified to report correct torque even when wrong?
Didn’t GM just suspend sales of their new cars without CarPlay because their new system had software issues? Trust a company trying to save money to skimp on the implementation costs of any technology they put in place too.
It’s not so much the technology as the people running a business that worry me, VW programming emission modes is a great example. Relying on companies to regulate safety is a sure fire way to get corners cut so they can make a cent. The network wrench may be a good idea but only if regulated by the FAA and not the company.
In my experience its more prone to mistakes, because people just accept what computers tell them as infallible unless its something so massively, egregiously wrong that it shatters what little common sense they have… and even then its only 50/50.
Hard to hack a person. Sounds like sacrificing security to save a buck if that’s the only reason, especially considering you’re not just paying for a tool when you network it.
People are actually the easiest to hack. That’s why social engineering is such a huge security risk, why employees have minimum amount of access required to systems, why corporate laptops are so locked down, and why huge phishing assessments are done.
It’s just that we are more accustomed to monitoring people, and it also gives a focus that everyone understands that can take the blame for mistakes.
Sorry, I assumed the context was obvious, but it’s hard to hack a person standing there turning a wrench.
What’s easier to hack? That person standing there turning a wrench or a network connected wrench? Especially considering the points you made; the wrench turner probably has access to less than the network connected wrench.
God, I hope the wrench has access to less of the network than the employee.
It’s an IoT device.
You never trust IoT.
It should be on an isolated vlan dedicated to the wrenches that allows it connect to its storage server, only.
Putting the wrenches on a pvlan would further limit the scope of any breaches to a single wrench.
Any access to the wrench vlan/pvlan should be from a trusted management vlan. Any traversal of the firewall for this access should be logged.
Ultimately, this is a device being used by a company that requires per-bolt certification of torque. You can bet that every part of their process has an equivalent level of scrutiny, including certification of network security/auditing.
In fact, following sensible IoT network security mitigates all of the CVEs listed - because they need the attacker to have network access.
Sure, most of the CVEs are the stupidest “my-first-web-app” level of mistakes (csrf, xss, directory traversal) and shouldn’t exist. But it’s still an IoT device, and should always be treated as a black box of leaky security regardless of the manufacturer.
Best practice ≠ real world application. Based on my 10+ years in IT I’d be very unsurprised to find that the networked wrench has greater access than the person.
The network thing is great until Ed finds out the torque wrench Jim uses doesn’t operate properly because it has been infected with malware for an undetermined period of time.
That said, this is a very niche device. Almost nobody should ever own one for themselves, these are the kind of devices that are provided by the company you work for.
No, don’t you try to come up with some ridiculous scenario to justify this shit.
There is no justification for a fucking network connected wrench.
Its more expense and stupidity to solve a problem that shouldnt exist with proper procedures, and if you arent following proper procedures your wrench being able to update its goddamn fucking facebook page wont make a goddamn difference.
A network-connected wrench can be a component of process improvement or quality improvement.
Imagine network wrench situation:
“Ed, Jim is on door install duty today right? I thought so. The system threw an alarm for his work. The last two doors he’s installed were under-torqued by 50 lbs on each bolt. Head down to production line four where he is, and get him sorted out.”
Imagine non-network wrench situation:
“The FAA has grounded all Boeing 737 Max 9 jets today after a massive decompression event occurred on Alaska Airlines at 16,000 ft. The door plug blew out of the jet at altitude. United Airlines has reported, after inspection, loose bolts the door plug of several of its Boeing 737 Max 9 jets as it continues to inspect every one if its 79 jets in its fleet.”
The moment my wrenches at work need to be connected to WiFi so some bean counting manager can come lecture me about every nut and bolt I work on, is the moment I wheel my tool cart into the woods and setup a shack.
Good thing they’re primarily talking about things such as aircraft, where this level of analness is sort of the bare minimum.
Prior generations likely said the same thing about putting video cameras in service bays. I know I said something similar if my employer ever required my fingerprints (for unskilled work). Yet both are commonplace today.
Those cameras saved my ass more often than not.
Also had them in my classrooms as a teacher and it was great. Not only was I able to close a door to help a single student, but it made a great thing to point to whenever kids were acting up! Lol
There’s no such thing as “unskilled work”. I’d no skill was required, why do you need to gave training to do it? Cooking burgers at McDonald’s? You need to know how long the burgers are to be cooked on each side. Stop calling certain jobs “unskilled”.
There’s a big difference between needing 6+ months of training and needing only a day or two of training.
Yeah, pretending there’s no distinction is just stupid. Even from a leftist theory perspective, MDs don’t face the same struggles or need the same regulatory oversight to protect their rights as burger flippers.
Like, if they’re pissed at the term “unskilled” they’re welcome to propose an alternative but there’s obviously a meaningful difference.
Unskilled is a term bosses use to devalue a workers labor and value.
What is your acceptable term to describe “a level of competence most human beings have that an employer can spend a only a few hours of training with that person that the person will attend a level of acumen they can perform the job function” ?
“labor”
Bwhahahahaha.
Boy you swallowed the whole thing, didn’t ya?
minutes of training for things like making a burger at McD’s. You just follow the info graphic.
It’s unskilled work, in that it requires no specialized skill.
or 6+ years for certain things…
Okay, how about “a level of competence most human beings have that an employer can spend a only a few hours of training with that person that the person will attend a level of acumen they can perform the job function.” Its kind of wordy, does that help?
Hahahahshsha
So pressing the button on the timer built into the fryer, since the 70’s, is now skilled work?
There’s lots of unskilled work out there. I’ve done lots of it. From digging ditches to fast food to loading trucks and delivering parts.
None of those jobs require more than a few minutes of training, therefore “unskilled”. And fast food today is even more unskilled… Just follow the diagram in front of you. And you don’t make the burgers in fast food, they come in pre-made in boxes, usually frozen, and you load em up on the automatic cooking device (varies by company). I believe Wendy’s still grills their burgers, using a timer and a rotation methodology, so no skill rewuired.
Hell, even being a line cook is unskilled, and that can be a really demanding job from a time management perspective (I’ve been a line cook).
I’ve worked for the top 3 fast food places, a number of smaller restaurants, and a bunch of other jobs. I’ve had somewhere approaching 40 jobs in my life. Lots out there is unskilled.
deleted by creator
What’s the ratio of boeing door decompressions to IoT devices being hacked?
1 to 786
surely we’re in the billions of IoT devices with malware by now right
By the end of its first day, Mirai had infected over 65,000 IoT devices. By its second day, Mirai already accounted for half of all Internet telnet scans observed by our collective set of honeypots, as shown in the figure above. At its peak in November 2016 Mirai had infected over 600,000 IoT devices.
And that’s just 1 botnet out of many.
And 8 years ago, while IoT has grown exponentially
So in other words, a dystopian nightmare where, for the sake of paying as low of wages as possible, corporations would rather use technology to oversee stupid employees instead of actually TRAINING and INCENTIVIZING actually qualified people.
Using technology to overcome human mistakes is happening right now in hundreds of other industries.
Of course, its cheaper.
What began with self-checkout machines will inexorably expand into the more professional realm with tools like AI
The funny thing is, some companies are moving away from self checkouts because of “honest mistakes” by customers.
Humans make mistakes with tools like this, and with the tracking systems.
BTDT with stuff completely unrelated but requiring verification and validation steps and initials. Mistakes will happen.
Having a tool that’s configured specifically and can document the torque applied for every bolt makes a lot of sense. I’ve assembled stuff with 30 fasteners and had to check and recheck torque, because, being human, it would be easy for me to miss one, or not read the rorque wrench properly (if using a bar type), or mis-set it if it’s a click type.
Nevermind the time it takes me to verify the value, set/check the tool, etc. It’s clearly about reducing errors with a repetitive task and providing a record of the torque values. The folks using these tools probably really appreciate it, I would, and the stuff I’ve done is trivial in comparison.
The only problem with this system is the lack of planning for proper security. Firmware update able remotely is just silly. Add in the number of vulnerabilities… Sheesh.
OK, remotely updateable could be useful, but it should require a long password and a cryptographic pin (like the old SecurID devices that generated a pin once a minute) that is managed by multiple people, and the devices should only permit updates from a specific piece of hardware on the company network (say a vendor supplied firmware update injector) that has a hardware ID. So when devices are on boarded they get paired with that device and maybe a secondary. So it requires a pairing process that can only be done with physical proximity, combined with device IDs and a password/pin pair that’s cryptographically generated, and managed by a system requiring at least two people to check out the password from the repository.
Hell, I just thought up all this on the spot. I’m sure others did too, and got shot down by management.
Follow up question, could the same metrics be captured without a network connection? An alternative might not be as user friendly as an IoT device, but for the last what decade? It seems like investment in IoT is investment in security vulnerabilities.
Why not have a two stage torque process?
I know aerospace ≠ automotive but many years ago I worked in a shop and any time the wheels came off a vehicle the mechanic/tech torqued the lug nuts to spec, then a second person independently verified and re-torqued the lug nuts.
It seems like adding a network connection and all that goes with it also introduces additional points of failure, no?
While a second person would indeed reduce the number of issues, it’s still another human to fuck things up. What if the second person is lazy? Or they get tired of checking every door because “it’s never been off before, why would it be off now?”
Human error caused the issue in the first place, why are we assuming a human will always find and fix the problem on a second pass?
I’m not sure why you should trust a piece of technology to be infallible.
I mean, if a networked tool can be hacked then should it be trusted to be accurate? How do you know it hasn’t been hacked and maliciously modified to report correct torque even when wrong?
Didn’t GM just suspend sales of their new cars without CarPlay because their new system had software issues? Trust a company trying to save money to skimp on the implementation costs of any technology they put in place too.
It’s not so much the technology as the people running a business that worry me, VW programming emission modes is a great example. Relying on companies to regulate safety is a sure fire way to get corners cut so they can make a cent. The network wrench may be a good idea but only if regulated by the FAA and not the company.
You are erring dangerously close to the classic “computers don’t make mistakes” argument.
Not at all. A human plus a computer is going to be less prone to mistakes than a human plus a human though.
In my experience its more prone to mistakes, because people just accept what computers tell them as infallible unless its something so massively, egregiously wrong that it shatters what little common sense they have… and even then its only 50/50.
Labor costs are likely the highest input. That solution doubles labor costs for that process.
Hard to hack a person. Sounds like sacrificing security to save a buck if that’s the only reason, especially considering you’re not just paying for a tool when you network it.
People are actually the easiest to hack. That’s why social engineering is such a huge security risk, why employees have minimum amount of access required to systems, why corporate laptops are so locked down, and why huge phishing assessments are done.
It’s just that we are more accustomed to monitoring people, and it also gives a focus that everyone understands that can take the blame for mistakes.
Sorry, I assumed the context was obvious, but it’s hard to hack a person standing there turning a wrench.
What’s easier to hack? That person standing there turning a wrench or a network connected wrench? Especially considering the points you made; the wrench turner probably has access to less than the network connected wrench.
God, I hope the wrench has access to less of the network than the employee.
It’s an IoT device.
You never trust IoT.
It should be on an isolated vlan dedicated to the wrenches that allows it connect to its storage server, only.
Putting the wrenches on a pvlan would further limit the scope of any breaches to a single wrench.
Any access to the wrench vlan/pvlan should be from a trusted management vlan. Any traversal of the firewall for this access should be logged.
Ultimately, this is a device being used by a company that requires per-bolt certification of torque. You can bet that every part of their process has an equivalent level of scrutiny, including certification of network security/auditing.
In fact, following sensible IoT network security mitigates all of the CVEs listed - because they need the attacker to have network access.
Sure, most of the CVEs are the stupidest “my-first-web-app” level of mistakes (csrf, xss, directory traversal) and shouldn’t exist. But it’s still an IoT device, and should always be treated as a black box of leaky security regardless of the manufacturer.
Hahahahahaha!!! Does solarwinds123 sound familiar?
Best practice ≠ real world application. Based on my 10+ years in IT I’d be very unsurprised to find that the networked wrench has greater access than the person.
Nah. Usually the double checking is added onto a list of another person’s tasks with no increase in wages or allocated time! Lol
Also QA, issue tracking, and litigation protection. This includes worker protection.
“Those bolts? We have the record right here from the very wrench that tightened them that shows they were tightened to spec on that plane.”
The network thing is great until Ed finds out the torque wrench Jim uses doesn’t operate properly because it has been infected with malware for an undetermined period of time.
That it’s admittedly a pretty good point.
That said, this is a very niche device. Almost nobody should ever own one for themselves, these are the kind of devices that are provided by the company you work for.
No, don’t you try to come up with some ridiculous scenario to justify this shit.
There is no justification for a fucking network connected wrench.
Its more expense and stupidity to solve a problem that shouldnt exist with proper procedures, and if you arent following proper procedures your wrench being able to update its goddamn fucking facebook page wont make a goddamn difference.