Bob Karshnia, from Emerson, speaks out on wireless

A week ago, John Berra, CEO of Emerson Process Management, said interesting and arousing things (like “Emerson has solved ALL those problems.”) about Emerson’s Wireless Initiative, which he announced. You can read all about it here.

Because of the huge interest and the questions raised by Berra’s announcement, I met with a group of Emerson executives that afternoon, to discuss some of the FUD already raised by the Wireless initiative. Included in the meeting were Bob Karshnia, director of technology, Gabe Sierra, the product manager for wireless, and Paul Schmeling and Bill Morrison.

Go here to listen to:



Repost of Sound Off for February 2005 from


RFID Considered.

I spent all day today at Rockwell Automation in Milwaukee, Wis., getting a briefing on RFID from Joe Owen, Sujeet Chand, Andreas Somogyi, Vivek Bapat and Matt Bauer. They are pretty much Rockwell’s steering team for their RFID initiatives.

Rockwell got out of the RFID business in 1999 after 15 years of producing chips, readers and associated peripherals. So why a briefing?

Because Rockwell has been being asked by their own customers to help them implement the Wal-Mart and Department of Defense RFID initiatives. So Rockwell decided to approach it as a consulting and systems integration type of business. They already knew a lot of the don’ts, which are often more important than the do’s, by virtue of their former tenure in the business, which allowed them to jump in at a fairly high level.

Basically, the importance of RFID is not the technology of radio frequency tagging. It is what the easy availability of automatic unit identification can do when it is backed up throughout the enterprise.

Yeah, sure, we’ve heard this all before. Last time it was RTPI and the ability to have a completely visible enterprise. The time before that…well, you get the picture.

But I think that Sujeet Chand, Rockwell’s Chief Technology Officer, put it very well. “The major change is not RFID, but the fact that we can Internet-enable RFID technology,” he said. “Using RFID as a tag, as a URL if you will, enables us to begin to hang lots of information on the tag in linked databases all over the world, like sticking cars onto a train. Every time the chip goes through a reader, another car is added to the train.”

The implications of this are staggering.


–Walt Boyes


Is ISA still viable? I was asked that question multiple times last night at the Will-DuPage Section Table Top Show. The jury is still out on that one. The new Executive Director, Rob Renner, is making all the right noises, and some of the right moves. The remaining professional staff seems happier, revitalized and re-committed to the goal of maintaining ISA as the premier technical society for automation and control. The recently announced merger with OMAC (ratified by both organizations now) is another step in the right direction.


I talk a lot about institutional and organizational drag. ISA is full of drag. It is full of people with conflicting agendae. For years, the paid staff was operating on a completely different agenda from the stated mission of the organization: to serve the membership. The Old Presidents’ Club continues to control the Society from behind the curtain, and many of them have been retired so long that they are completely out of touch with what is needed. The recent changes in governance have reduced the influence of the individual member on the society actions, and concentrated authority and spending power in the hands of a very few individuals. MANY knowledgeable and competent volunteers have been driven away from the Society in the past ten years.

ISA says they are 30,000 members strong, but private estimates given to me by long-time ISA volunteers are closer to 20,000 worldwide. This is nearly criminal, considering that if you look at just InTech’s circulation, there are close to 70,000 people who get ISA’s magazine every month, most of them without bothering to become members. The best estimate I know of is that there are close to 200,000 potential members out there.

Will Rob Renner save ISA? Hell no. Not by himself. But if you are a believer in the history and mission of ISA, step up and give Rob a hand. God knows he needs it.


–Walt Boyes


Regarding language standards, MTL’s Steve Yates writes from Lyon, France:

When I comment on spelling mistakes or bad grammar, the normal response I get is ” All that really matters is that you get your point across.” Total rubbish of course but is there any way to stop this rising trend? SMS “speak” is the latest thing that is contributing to the demise of proper English.

Well, you are certainly right, Steve. But it isn’t just English. France has been complaining for years about the pollution of the French language with anglicism. I’m sure the Japanese and Chinese language pundits aren’t happy about the loan words we’ve forced on them. An airplane pilot isn’t “anjin” in Japanese any more, he’s a “pirotu” (sound it out…) and people go to upper floors in buildings in an “erebata.”

The current ControlGlobal webpoll shows that there is a huge hole in automation professionals younger than about 30. Nobody is coming up to fill that hole, and the potential for stunning losses of institutional memory is unbelievably large. And most of the young people believe, as does one poll respondent, “Nobody stays in automation unless forced.”


–Walt Boyes


Sure, this Chief Editor gig is fun. Sure I get to fly around and hobnob with bigwigs from vendor and end-user companies. But the reality is that I spend a lot of time proofreading. So it isn’t a surprise, or shouldn’t be, that I am driven nuts by seeing typos, grammar and spelling errors in my own magazine and website, and in anybody else’s for that matter. I was just on the Fermilab website…to do some research for my forthcoming editorial in April, “Can Cheap Flowmeters Be Good?” and there it was:

Fermilab Colloquium, 2/23: Tsunami’s: Detecting, Simulating and Chasing them – Emile A. Okal, Northwestern University

It couldn’t have gotten me more if the darn apostrophe was blinking. The red emphasis above is mine.

At Fermilab, there is one of the largest concentrations of smart people in North America, maybe even the largest (depending on whether you count MIT or not). That there would be such a stupid typo on their home page is distressing.

But language standards have been slipping for some time…some people attribute it to television, others to dumbing down schools, others to poor parenting skills in the “me” generation… I don’t know why, I only know that it is amazing how many people, otherwise educated well, and with high native intelligence, can’t spell, or write with correct grammar.

As Rich Merritt pointed out in his Control Report column in the March magazine (forthcoming), English is becoming the worldwide language for process automation, in part, because translating an already poorly-written manual in English into another language usually makes it doubly poorly written, and filled with potentially dangerous errors.

Whew. I feel better now.


–Walt Boyes


More on crackers and RFID…I am not one bit less terrified by what Dale Peterson, our Secure Systems Insider columnist, and Security Guru from Digital Bond writes:

We also see many people use the passive RFID proximity cards to control physical access to the control center and other locations. It is relatively simple to recover the signal these cards generate. If you really wanted to clone a card you could just go to a local restaurant where employees eat lunch; have your equipment in a bag; and bring your bag close to the passive proximity card.

Certainly the cards are better than no access control, but I sense that most people overestimate the security these cards provide. Most of the vendors have higher security solutions that require a prox card and PIN, prox card and fingerprint, or use a smart card chip on the prox card. You may want to talk to one of these vendors.

And I am going to. I am attending a press briefing at Rockwell’s RFID lab on Monday, February 28, and I will be with child in anticipation of what they say.

Somehow, it seems to be extremely difficult to get people to pay attention to security. The script kiddies’ slogan, “Information just wanna be free!” only applies if you know how to steal it. And the price of that knowledge keeps going down.


–Walt Boyes


Codebreaking: the sport of teens. Or is it?

I am slightly terrified by the implications of an article that appeared in the February 5th edition of Science News. The article, entitled “Outsmarting the Electronic Gatekeeper,” showed how easy it was for someone to reverse engineer the codes of the ExxonMobil SpeedPass and the “smartkeys” that many of the top automakers are providing their buyers with. ExxonMobil’s J. Donald Turk claims that “if you look at the kind of equipment and time needed by the researchers to break this, it’s not what would normally be considered an attractive theft opportunity.”

But wait. According to the crackers, Ari Juels of RSA and Aviel D. Rubin of Johns Hopkins University, this could be done by “an attacker with modest resources–just a few hundred dollars” of off the shelf equipment.

Script kiddies, yes. But when you look at the potential for profit engendered by possession of these code keys, for car thieves and gasoline thieves, and identity thieves in general, I have to wonder what ExxonMobil’s Mr. Turk is smoking.

Especially since a huge credit card data warehouse was just forced to admit that hundreds of thousands of consumers had their financial data swiped by an organized gang of identity thieves. Not a set of script kiddies at all.

It isn’t a very long stretch from there to the fact that both al Qaeda and the Irish Republican Army have members who are cryptographers and computer crackers, and both have a history of large scale “fundraising” activities, including, on the IRA’s part, the world’s largest bank heist.

So, what do you make that’s worth stealing?


–Walt Boyes


I’m getting ready to go to National Manufacturing Week…which, as recently as 1998 or so, was a jumongous event, with five shows, concurrently running, and filling all of McCormick Place, not just the Lakeside Center. NMW has already announced that this will be the last year for McCormick. Next year, NMW will move to the Rosemount Convention Center, near O’Hare Airport.

This is quite a come-down, but NMW isn’t alone. ISA will not fill up Lakeside Center this fall, when the ISA Show comes to Chicago after a two year absence. In fact, it is quite likely that the ISA Show might not fill up Rosemount, or other medium sized venues.

What this is about is the demise of trade shows. As NMW and the ISA Show indicate, while the dinosaur continues to roar, and thwop around, the traditional trade show is deader than a box of rocks, even though it hasn’t quite penetrated to its wee tiny dinosaur brain.

At the same time, events like User Groups, and like the CONTROL AutomationXchange are proliferating wildly. It is instructive to note that the Rockwell Automation Fair was as large as the ISA Show, last year.

So, why do people go to User Groups? Why do vendors and end-users get together at AutomationXchange? It is about exchanges of value.


–Walt Boyes


Here’s a little engineer humor for the weekend, from my friend Leon Jester:

What an Engineer really means…….

– We are still pissing in the wind.

– We just hired three kids fresh out of college.

– We know who to blame.

– It works OK, but looks very hi-tech.

– We are so far behind schedule the customer is happy to get it delivered.

– The darn thing blew up when we threw the switch.

– We are so surprised that the stupid thing works.

– The only person who understood the thing quit.

– It is so wrapped up in red tape that the situation is about hopeless.

– Forget it! We have enough problems for now.

– Let’s spread the responsibility for the screw up.

– We’ll listen to what you have to say as long as it doesn’t interfere
with what we’ve already done.

– I can’t wait to hear this bull!

– Come into my office, I’m lonely.

– Parts not interchangeable with the previous design.

– Too damn heavy to lift!

– Lighter than RUGGED.

– One finally worked.

– Achieved when the power switch is off.

– Impossible to fix if broken.


Our pharmaceutical industry friends are all up in arms because Michael Moore has decided to focus on the drug manufacturing industry for his next magnum opus. Our sister magazine, Pharmaceutical Manufacturing’s Managing Editor, Paul Thomas, takes this subject on, a little tongue in cheek, here, at The Scruffy Guy Cometh. I had trouble stopping laughing.


–Walt Boyes


I was thinking some more about Actio’s database, and what it could do. For example, integrating that kind of information with the alarm management system could produce something like this:

Alarm 20: Tank 34 Overflow

Material: H2SO4, requires special handling, click here for detailed info.

Plant Security has been notified

Plant Hazmat Team has been notified

Automatic shutdown sequence initiated for Tank 34.

Product flow re-routed to Tank 35.

Pretty cool, eh? How much would something like this save you?


–Walt Boyes


There is a reason everybody treats MSDS requirements like pariahs. It costs money. It takes money directly from the profit line to deal with environmental and safety regulations, so companies generally do the least necessary to conform to the letter of the law, rather than the spirit.

But what if MSDS information could be used as a cost avoidance center? Or even, heaven forfend, what if MSDS information could be shown to be capable of providing enough process improvement to provide a positive contribution to the bottom line? That is, what if you could make money using the MSDS information you have to keep?

Actio’s MSDS database is ODBC and OPC compliant, so it is relatively easy to extract information from the MSDSVault and insert it into the Asset Management System, or the CMMS or the Alarm Management System.

Now think about what you can do to improve your MRO operation, or the ability of your first responders to resolve a plant shutdown more quickly with this data.


–Walt Boyes


Consider the lowly MSDS. The Material Safety Data Sheet is treated like a pariah by almost every company in the USA, and its analogs are treated similarly around the world. In almost every company, some poor schlub or schlubs gets tagged with being responsible for keeping and updating the MSDS library, and usually, they get to do this on top of their other duties. So, often, the MSDSes get put in a pile in the corner of the poor schlub’s office, never actually to be used for anything but regulator candy. You know, for when the regulators from OSHA inspect the plant. The poor schlub bets that he or she will find time to deal with the paper before the next inspection. Sometimes he or she guesses wrong. Oops.

Now consider that there is a lot of very interesting information in an MSDS. That’s what happened a few years ago, when Russ McCann and Kal Kawar started a company called Actio. Actio took over a half-million MSDSes and digitized them, scanning them into a relational database with over 900 fields. Now, they had all that data from a whole lot of MSDSes, and it was in a form that could be used to do other things than simply keep a static record of what a company has on hand that is a hazardous chemical.

Now, how could they get companies to use the data they had? Kawar, a software expert, and McCann, an entrepreneur who had just sold a company to Adobe Systems, decided to bank on the then-emerging .ASP web technology, and created a product called MSDSVault, which provides online immediate access to a complete, always updated library of MSDS data that is specific to the individual user, facility, or company enterprise wide.

Then they created inventory tracking and regulatory reporting software to go along with it, also web-enabled, and a way of authoring new database entries as new MSDS are released or come into use at a company.

Now they are trying to get traction with a complete product lifecycle management environment called Gatekeeper, that makes it possible to use all this data.

Not bad for a start.

Now, what can they do for an encore?


–Walt Boyes


So, what’s a chimera and what does it have to do with process automation? Yesterday, the Washington Post reported that the Patent Office rejected a patent for a chimera: an animal that looks like one kind of animal and has the genes of another. This particular chimera was designed to be half human, half chimpanzee, and was intended to be rejected so as to set a precedent that you can’t patent something that is “too close to human.”

What this has to do with process automation is this. We can now make mice with human immune systems. We can make “geeps,” crosses between goats and sheep. We can now make biological computers, too. It is not even difficult to make the stretch between what we can do now, and what we could do in a very short time. One of those things would be to create chimps and other greater apes with near-human intelligence, and put them to work doing many tasks now done by human workers. One of the ones that comes to mind is “plant operator.”

What company, in today’s environment, would not jump at the opportunity to own its operators? After all, slavery is against the law…but only for us humans.

This is a very slippery slope that we are on, friends. Think of all the ramifications of this…carry it out to its logical endpoint…and enjoy the migraine.


–Walt Boyes


Happy Valentine’s Day to the Process Automation Professionals out there. You do a difficult, arcane, and underrated job. You have been responsible for more productivity and more profit than any other workforce in world history, yet nobody knows your names. You made possible the lean, six-sigma, agile plant, yet nobody considers you on the high tech cutting edge. You have made it possible to seriously think of running a completely automated industrial plant in our lifetimes. Yet your salaries are capped while the executives you’ve enriched make off with millions. Let this be said, loud and proud. I’m an automation geek too, and I love it.


–Walt Boyes


Move over, Jim Pinto! Move over, Dick Morley! The new poet laureate and prophet of Geek Pride has arrived. Meet Rajeev Bajaj, CEO of Silicon Valley startup SemiQuest, who has released a new CD of “geeksta rap.” His CD, “Geek Rhythms,” is sitting at about 2300 on the sales chart. Actually, that’s Doctor Rajeev Bajaj, who holds a Ph.D. in chemical engineering.

“I made the calculator and computer, too,

’cause math is not something everybody can do…

I am an engineer.

Respect my mind.

So bow down when u see me downtown.”

Get “Geek Rhythms” at


–Walt Boyes


Is Emerson going to jump on the growing bandwagon and offer complete asset optimization services as well as the software to do the deed? Pity the poor plant operators, assaulted from every side with offers to help them do their jobs, manage their assets, improve their productivity, and even run the plant remotely. Oh, darn, sorry about that job, there, Mr. Operator, but we don’t need operators any more. We just outsourced operating our control system to . After all, nothing can go wrong, go wrong, go wrong, go wrong…


–Walt Boyes


More on “drag factors.” Former HP CEO Carly Fiorina was mostly a victim of drag factors that she was unable to overcome. This is a very high profile example of what happens when you try to change a corporate culture. The first thing blogged yesterday, according to CBS Marketwatch, was “Ding Dong, the witch is dead!” The Silicon Valley message boards and blogs were full of this sort of relatively juvenile explosion of testosterone. But even if it had been Bill Hewlett and Dave Packard themselves trying to re-invent HP, it is likely that the drag factors at Hewlett-Packard would have defeated them too.

Drag in organizations is easy to see, but difficult to stop, because it is essentially a non-action. You can’t stop somebody from “not doing” something the way you can stop somebody in the act of doing. And all that has to be done is to “outwait” the change agent, like the Boys in Boyland outwaited the Babe.

In process automation, pay close attention to the plights of Invensys, Honeywell and Siemens, especially, as they struggle against drag factors in their own organizations and managements.

Until the research consultants that are pushing so hard for LEAN and realtime manufacturing figure out how to deal properly with organizational drag factors, and start helping their clients to deal with them, you can expect many more failures and ex-change agents than successes.


–Walt Boyes


Regarding the Yokogawa vs. Activplant thread, Activplant Corporation vice president Robert Lendvai writes,

“Activplant has yet to contact Yokogawa about our concerns with the Vigilantplant name and the way in which they use it. As such, it would be not be appropriate for me to comment on the matter in a public forum such as your blog.”

I certainly can’t blame Bob. Hopefully, the two companies can now go off in private and figure out how to settle this without more public spectacle.


–Walt Boyes


On “drag”, Richard Carey from Michelin North America writes:

I agree completely! Bravo! I am an engineer with 30+ years in the field, and run into drag factors every day. One of the worst is that the middle managers who approve / recommend projects have no idea what SCADA / HMI can do for them. Most are products of business school, and don’t know what I/O, SCADA, PLC, and other Acronyms mean. The machine is making reasonably good product right now, so what benefits will a costly modification get them? I can tell them: better quality, more up-time, better machine utilization, real time management info, etc. All I get in return are blank stares. They are thinking that there is no way a piece of software can give them that. Most have no experience with a system that really gave them that, so how does one go about educating these middle managers to show them (1) that the modification can really deliver, and (2) that it will be worth the time and expense of implementing? The manufacturers of SCADA and even HMI systems need to sell to these middle managers as well as the engineers who will choose which product. It does little good to just sell to the engineer, when he/she can not get the project funding approved.

And you are right, Richard! You have to have real forward thinking from upper management to force the “drag factors” to the wayside…and nobody wants to talk about shooting every tenth middle manager pour encourager les aultres as Napoleon put it. I’d sure like to hear from ARC what their real advice is to people who are in your position, rather than to the CEOs they usually talk to.


–Walt Boyes


Have you seen If you haven’t go there now. I typed in “process automation” and got a term paper back on control and automation that included definitions and all kinda good stuff. This is certainly the future of search. It is what was set up to provide in our little niche…deep, actionable content that people can use to do their jobs better. also provides a 1-click answer client…download it and then do an alt-click on ANY word in a text file, and it will look it up for you. Neat.


–Walt Boyes


Yokogawa responds:

Yokogawa VigilantPlantÔ is the continuation and natural evolution of Yokogawa’s VigilanceÒ campaign, which is over two years old. VigilanceÒ is the registered trademark of Yokogawa Electric Corporation (filing date November 7, 2002, registration date December 2, 2003, with the U.S. Patent and Trademark Office). The design of the VigilantPlantÔ logo is derived from the design of the registered VigilanceÒ logo. It has no relationship to either VisualPlant (which is an abandoned trademark) or ActivPlantÔ (which, like VigilantPlantÔ, is awaiting registration).

No direct comment from ActivPlant…especially about exactly how trademarked their trademark is.


–Walt Boyes


Jim Pinto’s eNews (current edition),, has a very interesting analysis of Yokogawa, and their intention to be “number one by 2010.” Jim is an opinionated, but knowledgeable observer, and he makes some excellent points.

I have yet to hear back from either Yokogawa or ActivPlant on the trademark issue. It would be a serious setback to Yokogawa to have to deal with a prolonged intellectual property issue as they try to penetrate the North American and Western European trade areas.


–Walt Boyes


I don’t usually blog on weekends, but this one I have to do. Yesterday, I got, from a person I didn’t know, and from a hotmail address, the following:

“You’ve got to feel bad for the poor folks from Yokogawa. Not only have they struggled to build awareness for their company outside of Japan, but their latest attempt at developing a new brand will be very short lived. Apparently, their marketing folks in Japan have done a complete “rip-off” of manufacturing intelligence leader Activplant/VisualPlant wordmark and trademarked brands.The folks at Activplant have already received numerous calls from customers that attended this week’s ARC Forum for their reaction to Yokogawa’s outright theft of the Activplant/VisualPlant brand.In fact, key Activplant customer Toyota and their integration partner ACE Technologies could barely sit still as Yokogawa’s pint-sized CEO introduced the Vigilantplant brand at Wed’s press conference.

Take a look at to the unmistakeable similarity between visualplant and vigilantplant.

Terry Kowplan”

I don’t know who Terry Kowplan is, and repeated requests for he or she to identify him or herself properly were met with cute replies. Apparently, Kowplan works for Activplant or its marcomm organization, and is doing a bit of guerrilla marketing.

I looked at (which doesn’t exist anymore, the name having been changed to activplant) and there is definitely a similarity, even to the logo design.

What I object to here is the attempt to manipulate the press by sending out essentially anonymous diatribes that read like somebody long familiar with putting out press releases wrote it.

So, here are MY questions, folks.

Did Activplant contact Yokogawa directly before “Terry Kowplan” sent out his/her poison pen email? (According to a highly placed source at Yokogawa, they had not, but I want to hear directly from Activplant.)

Are the people from Toyota and ACE (they are on the ARC roster, and I saw them at the meeting in question) willing to stand up and tell us who they are? Why didn’t they bring this to Yokogawa’s attention right then?

Yokogawa has promised me a comment as soon as they figure out what they are going to say. This clearly came as a great shock to them, and it will be interesting to hear their response.


–Walt Boyes


Here’s a question for all you system security folks out there. If we, as everybody is recommending, completely isolate the control system from everything else, and make everything go through a firewalled shadow server, what is that going to do to the new businesses people like Rockwell, Invensys, Honeywell and Emerson are trying to do in contract remote monitoring, repair, and asset management? As Rich Merritt asks, in his upcoming cover article (CONTROL, March 2005), “Besides, why would you need access to the Web to control a process?” So, vendors, it seems like letting you do remote monitoring, remote alarm management, remote calibration and remote asset management may put the process you are monitoring, managing, and calibrating into more peril than if you just let the operators do it like old times.


–Walt Boyes


We’re coming to get you and we’re coming on strong! That’s the message Yokogawa CEO Isao Uchida delivered last night at the introduction of their new DCS concept, Vigilant Plant. Pointing out that this is Yokogawa’s 90th year in the controls industry, Uchida-san claimed large sales increases “outside Japan”: “20% sales increases outside Japan annually since 2000, so we are gaining market share. Some of the competitors in this room are not happy,” he said, “but competition is…competition.” Uchida-san declared his corporate intention to be number one by 2010.

Now, one can argue that combined with the sales decreases inside Japan, Yokogawa’s recent growth rate is really about 10%, which is in line with every other major automation vendor, and in fact, one of those “competitors in this room” did argue that with me over dinner later. But the fact remains that Uchida has definitely thrown down the gauntlet to Emerson and the rest of the Big Six.

He also said something else very interesting. He said, “Yokogawa takes full responsibility for these systems and products.” Does he really mean that? Is Yokogawa actually claiming system responsibility in general? If he is, this is a major step forward in vendor accountability, because, as we all know, vendors are always trying to duck responsibility for how their products are actually used, and whether they work to spec in YOUR process.

And finally, now there are three. Although serious questions still are being asked about the philosophy, it seems the majors are embracing the combined DCS-SIS philosophy. Yokogawa introduced something called ProSafeRS last night, which makes them the third major player to do so, and the second in a month. ABB, you will recall, introduced their combined DCS-SIS offering in early January.

But here’s the rub. Yokogawa’s system is not yet TUV certified (they say certification in March, for sure) and according to Chief Technology Officer Akira Nagashima, they only have beta test installations even in Japan.

So, even though there are three systems to choose from, are there really? Emerson is famously not shipping yet. It was a little unfair for Nagashima-san, last night, to respond to my question about exactly what differences existed between ProSafe and Emerson’s system by saying, “Well, Emerson isn’t shipping yet.” After all, neither is Yokogawa. And although ABB insists they have installations, and are in fact shipping product, their competitors continue to insist that the only installations ABB has are the beta test units at Dow Chemical, and they won’t ship production units before anybody else does.

And so it goes. Is it product innovation? Is it, as Ed Sederlund from Dow claims, a legitimate concept to combine DCS with SIS (after all, Dow’s former proprietary DCS system did it for years) or is it more vendor FUD? As users, we will only get to make that decision after we see product in the field.


–Walt Boyes


Revolutions R Us! That’s what Andy Chatha, CEO of ARC Advisory Group preached yesterday at the ARC Forum. And the Chinese are coming! The Chinese are coming! So the time is right for a revolution in manufacturing. Finally we will all become those lean, realtime manufacturing companies the TLA (three letter acronym) consultants have been preaching about for the past 20 years.

Right. Maybe.

One of the things that always bothers me about the analyst-speak and consultingese contingent is that they’ve been preaching the same things (hey, me too, because I’ve also been a consultant and an analyst in my shady past) for years, and it seems so obviously a no brainer to do these things, yet fewer than half of American companies (or European companies, for that matter) are using realtime key performance indicators and other techniques from “the factory of the future” to run their operations. It may be as low as 2%.

The people who present at these Forums are long on the advantages of doing these things, but, you know, they don’t ever talk about drag. Drag factors are what I believe is holding things up the most. Drag like institutional unwillingness to change, work rules, and so forth. Just once, I would like to hear a paper that was a balanced presentation of what should be done, and what is necessary to get what should be done done.


–Walt Boyes


Welcome to a new month. Emerson is going to have a big splash announcement in early March…they’ve invited a whole bunch of press to Kennedy Space Center for the announcement. PlantWeb goes to Mars?

I’ve seen the first effects of Gene Yon (ex Foxboro big boss) at his new company, Adaptive Instruments Inc. ( The Accutech product line has figured out that people don’t want to buy their sensors from one company, and then go to another company for wireless. Here at ARC, Accutech is showing a line of smart process sensors with integrated 900 MHz spread spectrum radio transmitters (conservatively, 1000 feet transmission in any weather) and a nifty host radio that will handle up to 15 nodes in a frequency hopping schema. Modbus output connects the host to DCSes.

I am also looking forward to meeting with Millennial Net. I hear they have mesh networks installed and working now…so I can start talking about real world applications the next time we bring you words about mesh networking as the coming attraction for industrial wireless.


–Walt Boyes

Repost of the January Sound Off from

I am in Orlando, attending the ARC Forum ( This annual meeting is all about real time performance metrics and the changes to production that companies can do if they adopt these principles. I admire ARC for continuing in the face of massive ennui to pound this bully pulpit. The fact is, those few (and I DO mean few) companies who have put their money where ARC says to have reaped great rewards. So why isn’t there a stampede of companies trying hard to get on the real time performance bandwagon?
–Walt Boyes1/28/2005
Consider the lowly spray nozzle. Nearly every plant has some, many, especially in the food industry and in the paper industry, have gazillions of them. If you have some, when was the last time you looked at them? Are they on a regular preventive maintenance schedule? The folks at Spraying Systems Co., Autojet Div., think you ought to think about how much you might be wasting with worn nozzles. They have a calculator on their website that figures out payback for things like replacing nozzles, measuring flow and pressure, and so on. I was amazed at the realistic payback they were showing. So, what other lowly devices in your plant can you use to up your ROI?
–Walt Boyes

EZ is as EZ does!
After five years of being best buds, and helping to make a huge success, Shalli Kumar, CEO of AVG Automation is taking the big direct reseller of automation products on as a competitor. His new catalog,, looks startlingly like ADC’s, with little red and green “thumbs up/thumbs down” indicators on specification comparisons, and little red and green men in hardhats. Sound familiar? Well it should. And why does this stuff sound familiar? Because EzTouch and EzText products made by AVG have been sold by AutomationDirect for years.
Is the divorce amicable? It is, according to Kumar. He says he has given strict orders that there will be no badmouthing ADC by his people, and that he wants to continue working with ADC on the product lines they currently sell. I haven’t been able to get a response back from AutomationDirect yet, but I will post it as soon as one comes in.
Does Kumar expect to hurt ADC? “Not really,” he says, “I expect there is more than enough room in the direct selling model for the two of us.”
He also says that his model is really “Dell meets Best Buy,” having already signed up a bunch of VARs. “Direct pricing, but with local service worldwide,” he said, “is our key to being better.”
Is he right? And is he willing to put the money up necessary to overcome AutomationDirect’s huge marketing machine and brand strength? He says he is, but we shall see.

Another skirmish in Fieldbus War II was fought yesterday on the Automation List ( by noted automation gadfly, Curt Wuollet:
“I have also finally had a need to take another look at Profit^hBus(sic). In my first study of the enigmatic, secret, cult driven fieldbus, I found no useful information save that it turns good old RS485 into a occult medium with dependancy on your vendor assured. But, driven to overcome my revulsion by having some actual use for the knowledge, I popped the term into google and started surfing. The site required full membership to download any of the papers of documents. Undeterred, I surfed further and gleaned very little of use. So I added Open Source to the search term as this is usually the gateway to free information. Not much going except for a nodave project which I bookmarked to peruse later. But I did hit an announcement that had me laughing and made my whole day. It deals with ProfiNet which sounds like but is not Profibus on Ethernet.”
See our coverage of ProfiNet’s press tour for details.
Wuollet continues, “They make profuse use of the word Open, and even mention Open Source but then go on to name Microsoft and every proprietary protocol in their family. No mention is made of working with anything else and the whole thing comes across as a way to pay lip service to the trend in Europe towards OSS and the ever popular Ethernet without giving up anything. Perhaps it’s just my consumer orientation, but I think you’ll enjoy the name dropping, doublespeak and propaganda. It makes Modbus/TCP look like a Stallman/GNU projectin comparison…”
–Walt Boyes

From Gene Giltner, of Patrick Engineering (, one of our Editorial Advisory Board Members:
“Once upon a time while walking through a food processing facility I mentioned to my host that one of his tanks was overflowing. He said it did that every once in a while. Since I was there on a protracted startup and it bothers me when things like that happen, I took a look at it during one of those stretches in the startup when others are forcing you to wait.

“Now, this tank had two valves, one, which modulated to control level, FV-101, and the other, which modulated in response to downstream demand, FV 102. As the demand decreased, FV-102 would begin to close and FV-101 would follow. This is a common scheme that works well and indeed worked 95% of the time at this plant. Did I mention that this place did not have real time trending available on the control system? Standing in front of the MMI (I’m still a chauvinist and they are Man Machine Interfaces) with coffee cup in hand, I happened to witness the PID loop on the demand start to close down valve FV-102. FV101 followed vary nicely, especially after being tuned, until the FV-101 got to be less than 5% open at which time the valve continued to close and the level continued to increase.

“Seems the plant had installed air solenoids in the air supply lines to close the valves when they were less than 5% open. This scheme worked will to save the plant money on compressed air. However the level control valve was an Air-to-Close valve that went wide open when the solenoid valve on the air supply was closed. The only way to find this was to trace the airline back to the air junction box and find the mischievous solenoid valve.

“Here was another case of the equipment doing exactly what it was supposed to do, but not what we wanted it to do.”


–Walt Boyes

Spending the weekend shoveling snow gives you lots of time to think. Several years ago, ISA Executive Director Glenn Harvey, in his retirement lecture (he got out while the getting was good; ISA was still in good health and growing) averred that the profession of controls engineer was dying. Was Glenn right? Even though he was very prickly to work with, nobody doubted Glenn’s vision. His point was not that the profession of controls engineer was going out of business, but that it was changing beyond all recognition. He was very right.
Field instruments are becoming a technician’s game. Partly this is because field instruments are smarter, but technicians are smarter too, and they have tools that those of us who did our field tech work in the 1970’s can only marvel at. Control systems are becoming more open, and the goal of single user interface, plug and play is within reach.
What this means is that, like IT itself, the controls engineering profession is being subsumed by the surrounding task sets. Like a big Venn diagram, the intersection of process engineering, instrumentation design, control engineering and maintenance and operations, is swallowing up the “independence” of its parts. People who work in process automation now have to be process generalists who know how the process works, as well as how to measure it and control it.
–Walt Boyes

Beating the two organizations to the punch by a couple of hours, Rockwell sent out a press release this morning supporting the “recently announced” merger of ISA and OMAC. This of course sent us all into a tizzy. How come we didn’t know about it? Well, we didn’t know about it because ISA and OMAC announced their upcoming merger about two hours later. So, it is true. The process industries largest automation society is finally getting some traction in the discrete factory automation space, after almost two decades of trying. Does this mean that “Motion Control” magazine will come back? The fact is that ISA has been trying to represent OMAC’s core constituency for years, and this merger, which makes OMAC a subsidiary of ISA, is a no brainer for all concerned.
Is World Batch Forum next?
–Walt Boyes

Sometimes, I really wonder what makes Microsoft tick. After years of fielding bad press and gaining some of the most powerful brand negatives in the world (really, who do you think of when you hear the term “Evil Empire”? Not the Former Soviet Union, duh.) they have been saying for over a year now that “Security is Job 1” to them.
Then they release an anti-virus tool that doesn’t even find all of the top ten virus infections, and they intend to upgrade this tool only once every month, not every week, or every new virus outbreak. I’ll stick with Symantec and McAfee and their third party brethren for the time being.
Their anti-spyware tool is better, even in its current beta state, but it still isn’t adequate.
With all of M$s money, you’d think they could negotiate a license from one of the security firms and just use the straight stuff.
We’re stuck with Microsoft for process automation solutions for at least the foreseeable future, and it would be nice if they showed they cared…more.
–Walt Boyes

We talked about branding recently. One of the things that grows a brand quicker than anything else is “word of mouth”…what the marketing gurus have started to call “viral marketing.” What is interesting about this is that viral marketing has the same property that branding does…it is not in the control of the brand being marketed. You just have to hope that the word of mouth on your product is a “good word” and not otherwise. If you have any influence on this, it is to make sure that you clearly state what your policies and goals are, what the performance of the product is, and then do exactly what you said you would do, every time.
Lately, we’ve been seeing some word of mouth about Eoin O’Riain’s respected website and e-newsletter, Readout, (http://read-out/net/signpost/cybersafe.html ) picked up information on our new e-magazine, SecureSystemsInsider. Andrew Bond has picked up some things for his magazine, Industrial Automation Insider ( we have been sharing some content with (formerly for some time. Thanks for passing the word, guys.
In the same vein, we are pleased to note that we are beginning to pick up a following in Russia! We received the following fan mail: “My name is Lester Powell. I am currently working with SPIK SZMA, a mid sized control and information system integrator in St. Petersburg Russia. We are aggressively implementing a formal project management methodology and lean/agile design & implementation processes. As part of moving this effort forward I routinely share state of the art methods, approaches and best practices from the international community. I recently shared an article from your July 2004 issue entitled “Designing Control Rooms for Humans” By Ian Nimmo and John Moscatelli. The article received rave reviews by our managers and engineers. The article addresses numerous issues that plague operations for all of our customers on a daily basis. As a service to our customers we would like to post the translated article on our and our associate’s web sites. The article has been translated in its entirety including publishing and author credits.” Thanks, Lester, and we will be sure to post the translated article in tandem with the English language original on
Also, visit for detailed information on the MERA International Trade Fair for Measurement Control and Automation.
–Walt Boyes

ABB announced some serious initiatives for Industrial IT and their flagship control software, System 800xA. Following in Emerson’s footsteps, they announced a System 800xA SIS product, and pointed out that, unlike Emerson, the ABB system is shipping already. Dow has installed 5 systems and Petro-Canada’s DeRuyter North Sea platform will be the first non-Dow system shipped. Bob Hausler made a big, and honestly refreshing point of saying, with every new announcement he made, “And this is fully released, in stock, and shipping now.”
Wouldn’t it be nice if every vendor waited until they actually had more than vaporware before making product announcements?
–Walt Boyes

So I went to Cleveland. It was cold and snowy, but that’s not news. Last year, I went and came back and wrote an article for CONTROL talking about the Holy Grail of process automation. Well, I had some interesting discussions with ABB’s Roy Tanner about the search for the Grail. From my point of view, the Holy Grail is a set of software that is so integrated that it can start at the simulator level, output loops based on the process sims, allow the process engineer to take those loops and using OLE and OPC tools, create smart P&IDs that can do their own loop diagrams and wiring diagrams, complete with wiring schedules, marshalling tables and tag numbers…and then automatically create the control strategy for those loops, taking into account that, as John Gerry of Expertune put it in the forthcoming February CONTROL, “sometimes a loop works better detuned.”
The software would automatically integrate (not link, integrate) with CMMS and other asset management software, and to the business systems, and changes to equipment and instruments made as a result of the downstream stuff like maintenance would automatically roll back into the drawings, and back into the sims. Holy cats! We’d have live, self-editing and self-updating as-builts! How much would we all pay for that!
I have to give credit to a fine gentleman named Robert Pawley, whose Instrument Design Works software was the first credible attempt at this sort of synthesis of the control system software with simulation, design, asset management, and the business system. It was an idea way ahead of its time, which looks like it has finally come.
–Walt Boyes

Free, all expenses paid trip to Cleveland in January!
That’s right, I’m leaving tonight for the annual ABB Press Event…held every January in that garden spot of the world, Wickliffe OH. This reminds me of the dubious honor of having to deliver a paper at the Hibbing ISA Show in International Falls MN, also traditionally held in January. Since it is 2 degrees F. outside right now in Chicago, I’m dreaming of, oh, say, Aruba, not Cleveland.
It appears that ABB is going to introduce their competition for the Emerson combined SIS system. It remains to be seen if the user world will accept an SIS system that is not completely isolated from the control system. We will also be treated to a lot of winning war stories about how their System 800xA is being used to replace legacy systems from all their competitors…just the same stories their competitors tell when we go visit them.
–Walt Boyes

I am pleased to announce that Dale Peterson from Digital Bond will be providing content for SecureSystemsInsider, our e-magazine devoted to process system security. Dale will be writing a column every other issue of SSI. I am looking forward to his first one.
–Walt Boyes

Reply to Tsunami sound off:
As a native Floridian, I ask that all the money that’s left over when the cameras stop covering the story — about a week from now — be sent to Florida, to help the people who were hit by four hurricanes. The media coverage in Florida lasted about two days, so those poor folks didn’t get any support other than the promise of Federal loans. We could also send some of the money to California, to help the mud slide people.
–Rich Merritt

I’ve been asked about the recent alliance between Rockwell Automation and Endress+Hauser. “Why are they doing that?” has been the question. From where I sit, the answer is obvious. Every one of the other big players in automation systems has field device products, even GE, which has been buying up a grab bag of companies ranging from Betz Labs to Panametrics to Druck for several years now. Rockwell alone doesn’t have field instruments to speak of. Endress+Hauser doesn’t have control systems to speak of. Together, they can match most if not all of the capabilities of Emerson, Honeywell, ABB, Siemens, and GE. I’m not sure we should be looking for a merger, though, and it remains to be seen how longevous this alliance will be.
–Walt Boyes

Dale Peterson, in his SCADA Security Blog writes:
IT Security Controversy
The current buzz in the IT Security industry involves allowing criminals and other hackers to speak at information security events. This has been bubbling below the surface for a couple of years. It became the topic when infosec legend Bill Murray and ex-cybersecurity czar Howard Schmidt pulled out of a recent CSI event because Frank Abangale, the criminal showcased in the Catch Me If You Can movie, was a featured speaker.

Read Bill Murray’s explanation here and more stories available here.

I have heard that Mr. Abangale is a very interesting speaker, and he has helped develop many of the protection measures that are in use today to protect currency and checks. So certainly he does not fall into the Kevin Mitnick category, but Bill’s point is Mr. Abangale’s glorified crimes is what drives people to attend his sessions.

Let’s bring this back to SCADA security. Let’s imagine a criminal successful breached a pipeline SCADA system or an electric T&D system and caused a serious financial loss. After serving a couple of years in prison, the criminal is scheduled to keynote an industry conference and discuss his attacks and how he was able to penetrate systems. It sounds like an interesting and even exciting talk. Do you attend?
Interesting question, isn’t it? And what about bringing in a disgruntled ex-employee who hacked a plant floor control system and caused a serious hazardous material spill with fatalities? What then?


–Walt Boyes

Safety is as safe as you make it.
That was the mantra preached by exida’s Bill Goble last night at the Chicago & Will-DuPage combined ISA section meeting. Referring to the new safety system standard, ANSI/ISA84.01(2004), which he and ISA’s standards organization director Lois Ferson, called IEC61511-plus), Goble said there was good news and bad news. The good news, he said, was that the new standard is performance-based, and not prescriptive. “In other words, you get to do real engineering,” he said, to develop the safety system that is exactly suited to your needs. Of course, the bad news followed. “The bad news,” Goble joked, “is that you really have to do the engineering.”
The problem with this, it seems to me, is that fewer plants have the intellectual capital and experienced personnel that are necessary to do the level of safety system engineering required to make sure that Bhopal (see Steve Kuehn’s excellent piece in the January CONTROL) doesn’t happen again. At least prescriptive solutions have the added layer of protection that they tend to be over-engineered.
Not that I don’t emphatically agree with Goble as to the great benefit of the way the standard is written. But as an attendee, who requested anonymity, pointed out to me, “It’s going to take another big accident before the ‘run lean and mean’ mentality will swing back the other way.”
One would hope not, but we often hope in vain.
–Walt Boyes

Sometimes with the best of intentions, things go south anyway. We inadvertently omitted one category from the Readers’ Choice awards article we printed in the January issue. We caught it in time for the HTML story on the website to be changed, but weren’t able to catch it in print. We left off the category of Level Gauge, Inventory Type. The category should have been:
Emerson Process- Saab Rosemount – 30%
Endress+Hauser – 12%
I sincerely regret the error.
–Walt Boyes

Spamalot and specsmanship
My wife and I went and saw the new Eric Idle musical, “Monty Python’s Spamalot” this weekend in its tryout for Broadway in Chicago. The completely internally consistent logic of Monty Python, which is completely absurd in the real world reminded me of the world of PRspeak and specsmanship in process automation.
In the world of PRspeak, every company is “the leader in whatever we’re selling” and never “a follower” or “last on the list.” Every product is new, simple to use, easy to operate, and has a host of new features guaranteed to differentiate it from the nearly identical product that the competitors introduced a while ago. As I learned from trying to produce, with David Spitzer, the “Consumer Guide” Series to field instruments, it takes quite a bit of study to reduce multiple vendor specifications, even of similar products, to apples-to-apples for ease of comparison. No wonder end-users and consulting engineers have a jaundiced eye when it comes to believing what vendors say.
Every month, we get many product releases. They average two to three pages long, with at least one photograph. We cut all the PRspeak out of them, and they generally become much shorter. On average, we make a product release about 70 words long, and it conveys all of the information an end user needs. Wouldn’t it be nice if the folks who write those screeds would boil them down for us? What we want, as end users, is clear, actionable content that we can use right now. So let’s declare war on adjectives and adverbs in product releases and specifications.
–Walt Boyes

Plant Operation security guru Joe Weiss and I had a conversation today about the difference between IT security and plant ops security. Basically, the difference is a mindset. IT looks for intrusions after the fact, and can always re-boot the system. Having to re-boot the plant operation system, DCS, or SCADA network can be ruinous. There is still a huge gulf between the mindsets, and both EPRI and Homeland Security are trying to figure out what to do to bring them together. Joe said that it takes both sides to provide adequate security.
–Walt Boyes

The parade is starting.
Honeywell has also announced a pledge of $1 million to aid the survivors of the tsunami. Let’s all get on board, shall we?
–Walt Boyes

I got an email this morning from Tom Varney, at Siemens. He noted that Siemens has pledged 1 million euros and matching contributions from employees for tsunami relief. I think that it is a good thing that Siemens is doing this, and I’d hope that other Big Six automation companies would follow suit. Sometimes we get complacent, because we’ve managed by and large to make the world a safer place for ordinary people than it has ever been before. It is then that the world reminds us how large and dangerous it really is, and how insignificant we are.
But are we? Among the heroes I’ve heard of during the tsunami was an unknown blond woman, clad only in a bikini bottom, who, instead of saving herself, kept helping injured to safety in the face of the second wave, which washed her away. Ordinary people, heroes. We’re going to need volunteers from the process automation world to go to the relief areas and help get basic services and processing plants back up and running so that the toll doesn’t get any more unbelievably large.
–Walt Boyes

You gotta ask yourself how some companies feel about branding.
The Readers’ Choice Awards are more of a branding survey than anything else, because it is an open ended survey. We don’t provide the voters with a drop down form listing all the possible candidates, it is strictly a write-in ballot.
I’ve been keeping the List of Lost Companies (Appendix 9 in Bela Liptak’s IEH4, Volume 1) for years now. During the 90s, companies merged, re-merged, changed their names, re-sized, down-sized, reorganized and organized to the point where many of the great old names are nearly lost. Included in this dance was its effect on company brands.
A brand is more than a logo. It is more than an advertising or public relations campaign. Simply put, a brand is a gestalt made up of all the impressions and interactions a company has with its suppliers, customers, competitors, employees, and the public at large. Positive brand values are a real measure of how well the company “walks the walk.” Negative brand values are a real measure of how poorly.
Companies have, in the past, won categories in the RCAs where they didn’t even make a product. What does that tell you about their brand?
–Walt Boyes

Leaky electrolytic capacitors–A ticking time bomb–Beware
I spent a day over Christmas replacing the two-year-old motherboard in my son’s 2.5 GHz computer. It finally sputtered to a halt after months of flaky operation, in which we blamed the OS and drivers for several strange problems. Finally, we couldn’t even get BIOS.
Problem: Six leaky aluminum low-ESR electrolytic capacitors. (See Computer Power User magazine (CPU), May, 2004, Volume 4, Issue 5; also see the IEEE’s Website, These capacitors may have used a defective electrolyte based on industrial espionage–strange, but true.
This problem affects motherboards from, among others, several well-known manufacturers such as Intel and Gateway; video cards; and several non-computer products including–according to CPU magazine–camcorders, VCRs, TV sets, computer monitors…and anywhere else these caps are used. Motherboards manufactured between 1998 to 2001 can be affected. Failures typically occur between 250 hours and 2000 hours of usage, far less than the 4,000 hours or more for which they’re rated. Sometimes they may survive longer.
Many manufacturers buy white box computers for HMI use, and some for control. Other automation vendors may have used the caps unknowingly in various industrial products–especially if boards were made in Korea or China. Who knows? Obviously, it can take months to years for these to fail, so if you’re experiencing unstable, flaky, weird operation, pop the cover off whatever the product is that you’re using, and inspect all electrolytic caps for bulging anywhere on the case or for brownish-colored leaks at the seals. You could be feeding unfiltered power to your components–possibly damaging them forever. You can replace the caps, but it may be cheaper and more effective to replace the motherboard or printed-circuit that’s contained in your device.
–Wayne Labs, Contributing Editor

First time I’ve written the new year date. Happy New Year to all of you. This year, we’ll see some significant changes. We are re-designing the print magazine, and we hope you will like what you will see.
I’ve been wondering what it is like to be a process automation professional in Iraq right now. How do you refurbish a dead infrastructure with a civil war going on all around you? If you have thoughts on the subject, email them to me.
We’re going to develop a new reader forum. If you would like to be a CONTROL and Editorial Insider, drop me a note.
–Walt Boyes

Welcome to Sound Off

ControlGlobal Dives into the Blogosphere
Welcome to Sound Off…CONTROL’s entry into the blogosphere. Feel free to respond to me at I’ll post interesting responses. –Walt Boyes, Editor in Chief
Linux Worm Defaces Websites…What Does that Mean for Process Automation?
One of the reasons Linux has been touted for use in embedded control systems is its resistance to attack by worms and viruses. Security consultants have been warning against this complacent attitude for years, but now it is reaching critical mass.

Posted on Monday, Dec 20 on Dr. Jerry Pournelle’s Chaos Manor blog was a comment by security guru Rick Hellewell: “A new work dubbed Santy or php/chaploit is rapidly defacing web sites running the phpBB discussion forum software. The worm uses a Google search to find web sites running that software; the search string used is inurl:phpbb inurl:viewtopic. A Google search using that string will find over one million hits; so there are many sites using this software. Once a site is found, the worm then uses a vulnerability in that software to overwrite various “php” and “htm” files with a message “This site is defaced!!!” Some reports indicate that the worm may also install a ‘root kit’, which allows the hacker full access to the server. An MSN search for those text strings will find over 37,000 sites that have been successfully attacked. There is a workaround until a fix is released; web site operators using the phpBB software should immediately enable that workaround, and monitor for updates. I suspect that many of your readers might have this software installed on their personal Linux servers. It does not appear to infect user computers, only Linux servers running the phpBB software. Some anti-virus software is providing detection at this time, but the threat is evolving.”

As the number of Linux servers and clients increases so too will their vulnerability to the same kinds of attacks currently plaguing Microsoft Windows operating systems. How this will affect process automation is clear. It isn’t a solution to say that we should run away from Windows, and embrace Linux. What we have to do is to make computer security so easy to do that people will actually do the things they need to do to make their systems secure. –Walt

Welcome to Sound Off

Linux Worm Defaces Websites…What Does that Mean for Process Automation? One of the reasons Linux has been touted for use in embedded control systems is its resistance to attack by worms and viruses. Security consultants have been warning against this complacent attitude for years, but now it is reaching critical mass. Posted on Monday, Dec 20 on Dr. Jerry Pournelle’s Chaos Manor blog was a comment by security guru Rick Hellewell: “A new work dubbed Santy or php/chaploit is rapidly defacing web sites running the phpBB discussion forum software. The worm uses a Google search to find web sites running that software; the search string used is inurl:phpbb inurl:viewtopic.

A Google search using that string will find over one million hits; so there are many sites using this software. Once a site is found, the worm then uses a vulnerability in that software to overwrite various “php” and “htm” files with a message “This site is defaced!!!” Some reports indicate that the worm may also install a ‘root kit’, which allows the hacker full access to the server. An MSN search for those text strings will find over 37,000 sites that have been successfully attacked.

There is a workaround until a fix is released; web site operators using the phpBB software should immediately enable that workaround, and monitor for updates. I suspect that many of your readers might have this software installed on their personal Linux servers. It does not appear to infect user computers, only Linux servers running the phpBB software. Some anti-virus software is providing detection at this time, but the threat is evolving.”

As the number of Linux servers and clients increases so too will their vulnerability to the same kinds of attacks currently plaguing Microsoft Windows operating systems. How this will affect process automation is clear. It isn’t a solution to say that we should run away from Windows, and embrace Linux. What we have to do is to make computer security so easy to do that people will actually do the things they need to do to make their systems secure.