The jury is still out for me. I'm tempted to not use the auto high beams any more. They don't work nearly as well as you might hope. They go to high beam just fine, but they don't dim themselves as early as I would choose to do so, and I find I'm constantly overriding them.
I agree that technology can help and is generally beneficial, its the attitudes around its use that bother me. Its an asset or a tool not a replacement for personal responsibility when operating heavy machinery.
You may feel that way, but Sally Soccermom doesn't give a damn what you think, and she's out there driving, too. As far as I can tell, she outnumbers you about 10 to 1. So anything that gives her a chance to drive safer without running me off the road in the process is a plus.
Of course, I'm not so sure I want to be sharing the road with Aaron "I don't need no safety shit to tell me how to drive" Arrogant, but I apparently have no choice in that matter, either.
The current auto-drive stuff Google is testing will handle much of what you describe. And current humans are already quite bad at handling the rest of it, as the complexity and speed of it unfolding does overwhelm many of them.
I don't think it would be any worse than many of the regular drivers out there, and far better than most cell phone users or drunks.
And what's wrong with assisted driving technology? It saves lives!
The technology that assists the driver of a modern car drive it safely is amazing. Radar assisted cruise control helps avoid driver frustration because their speed doesn't match the speed of the car ahead of them. Blind spot systems that watch the corners of your vehicle you can't see out the windows and in the mirrors. Backup cameras to avoid running over your children in the driveway. Collision avoidance warning indicators flash a simple red light bar and sound a tone to startle the driver in the event of an impending collision. Head up displays help to keep eyes on the road. Traction control helps avoids spinouts. Stability control helps avoid rollovers. Antilock brakes help stop shorter and quicker. Pre-charged brakes help stop suddenly if the driver isn't assertive enough when attempting to avoid a collision. Voice control to operate the technology without removing your hands from the wheel or eyes from the road.
And then there are the tech features designed to improve survivability of an accident. Pretensioning seat belts. Adaptive airbags. Autodialing 911.
All those mean much more to Soccermom Sally than the difference between 225HP and 235HP. Yes, the gearheads want their superchargers, and they're available too. But the market sells to everyone, not just the Top Gear enthusiasts. And a lot more paying customers value safety and comfort over raw horsepower numbers.
It seems odd to me that it's a good idea for the car to continue to drive away from its key. But I understand from a safety perspective they don't want to power down the engine on the freeway just because the battery in the fob went dead.
After the "no key" alert is shown to the driver, does your car refuse to proceed after having been stopped and the transmission put in park?
And that's stupid. My car does not have a bus and guess what, it works - the lights turn on when I switch them on, I can see the speed on my speedometer, I can also see the coolant temperature, oil pressure and fuel level too.
Stupid? Hardly. The systems on a modern car work together better than anything even a few years old, and incorporate everything from diagnostics and maintenance to navigation, safety, performance, and fuel efficiency, just to name a few. These cars automatically redistribute power from the rear wheels to the front wheels in the event of lost traction. They'll auto adjust the cruise control speed to maintain a relaxed following distance if the car ahead is traveling slower than it's set for, reducing driver anxiety. They can modulate the brakes and stiffen the suspension in a slide to help prevent rollovers. They can provide almost a second of warning to the driver in the event of an impending front-end collision. They warn the driver if there are vehicles in the blind spots. And they provide back-up cameras to prevent accidentally running over unseen children in the driveway.
And in the event of an accident, the correct air bags deploy at a speed appropriate for the situation, the doors unlock, the lights come on, and tries to auto-dial the driver's cell phone to 911. The frame is designed to passively protect the occupants by absorbing a serious impact through the distortion of metal all around the vehicle, and they have been design tested in thousands of simulations, backed up by real world crash data.
There is nothing stupid about these systems. They work, all the time, in real world conditions with real world drivers. They save lives.
There are from 50 to 70 tiny computers hanging off the bus interconnecting the computers on a modern car...
That's why I like my old car - it only has a few "computers" and most of them consist of a few transistors and electromechanical relays.
That just sadly sounds like a bitter old guy saying "and that's why my old 80486 runnin' Windows 3.1 is better than your fancy quad-core i7. It can't hardly do nothin', but it does everything I need and that's the way I likes it." It's a very tired argument against progress, and isn't terribly believable.
There's nothing wrong with enjoying a classic car for what it is, but it seems disingenuous to suggest that it's a comparable substitute to a modern vehicle.
The attack concept was very simple: extend the range of the normal keyfob RF communications with a pair of radio repeaters, one of which is presented to the car as a surrogate, and the other is hidden near the victim's real key fob (perhaps a disguised repeater is hidden in their shopping cart while they were in a store.)
Low tech solution - put a switch on the key fob that disables the communications unless you press it. If the owner does not have a habit of constantly pressing the button then this sort of attack won't work.
The key has two independent RF behaviors. One is the active transmitter, which sends the ordinary "door lock" types of signals, and is not the issue here. The other acts like an RFID card. It is always on, passively looking for a signal from the car, at which point it will respond with its coded info. This signal must be responsive at all times when the car is operating, or otherwise the car thinks the key isn't present and shuts the engine off. A momentary switch will not work. It would have to be a toggle.
The convenient appeal of these keys is that you just keep it in your pocket or purse, and you don't have to touch it at all. If the driver's door RF reader senses the key, it unlocks the driver's door. If the start button is pressed, and the interior RF reader senses the key, it starts the motor. Flipping a switch on the remote would counter the ease of use, and would not be used by the general public who buy these cars. They would just leave it toggled on 100% of the time.
Honestly, their auto insurance protects their interests better than a switch they would never use.
And then some kid comes around and pops the locks by hacking a tire pressure monitor with an Arduino.
Why would a car lock and tire pressure monitor be connected in any way?
That's exactly the kind of thinking that leads to security holes. If you assume they have no reason to be connected, you wouldn't suspect them. Yet they are both connected to the car's bus.
There are from 50 to 70 tiny computers hanging off the bus interconnecting the computers on a modern car, and include everything from the anti-lock brake system to the gas tank sender. Think about the computer that manages the engine. It sends out the car's speed on the bus every second or so. When the instrument console system sees the speed on the bus it displays it on the speedometer. The safety and security system also watches the speed on the bus, and has a rule that if it exceeds 4 MPH it auto-locks the doors. It also has a safety rule that says to auto-unlock all the doors for the rescuers if the airbags ever deploy.
The four tire pressure monitors each send an RF signal every ninety seconds indicating tire pressure. The tire pressure RF receiver reads the data and puts the tire's pressure on the bus, perhaps sending a message like "TIRE(3)PSI=35". The instrument console system watches the pressure messages and warns the driver if they're ever out of range.
But what if there's a buffer overflow mistake in the tire pressure data RF receiver? What if I transmit an RF message pretending to be from tire #3 saying the tire pressure is "35<NULL>AIRBAG(1)DEPLOYED=TRUE" and the whole thing is put on the bus?
Any ghost hypothesis has got to have some sort of description of what a ghost is (varies across cultures) and what effects it would have on the measurable world. This could mean anything to anyone, so while you're having someone explain it to you, you might also get them to pick up the burden of proof.
Also get them to pick up the bar tab. No reason it shouldn't be a profitable exchange.
OK, well then go ahead and bring some common types of detection gear. Bring a digital camera (DSLR would be best, but bring the most sensitive you've got.) If you can find one, bring an EM detector. Perhaps bring a multi-band radio, one that has a manual squelch so you can hear the static, and with a portable antenna. Maybe an optical distance thermometer. And bring a video camera.
Also bring some experimenting supplies. Aluminum foil and wire would be good. Duct tape and some tripods will be useful, as will a few ordinary tools (a multi-tool knife/pliers thing would probably suffice.) Various clear plastic bags. If you can, get different color LED flashlights to look at things under different colors of light. Plain white paper. A box to put stuff in.
Go over how each of the things you brought detects something, then amplifies the results so you can see it. The camera detects light with a CMOS sensor, and does so in 1/60th of a second; the EM detector detects lines of magnetic flux with a coil of wire, etc.
Explain how every sensor has its limits. For example, a light switch is a sensor of human fingers. It doesn't switch itself, a person has to push harder than the internal spring to toggle the lights. The light switch can't detect humans that don't press hard enough, but the lack of flipping doesn't prove there's no human there. Note also that the lack of flipping doesn't prove there IS a human there, either. Then take out the camera and explain how the CMOS sensor has a similar threshold, and requires a certain amount of light. Anything below that threshold proves only that there wasn't enough light.
If a camera sensor has no light at all when you press the shutter, you'll find that the sensor is not perfect, and not all the cells are exactly pure black. The differences in the individual cells will show up as variations in black.
Set the camera to RAW mode, or to the highest resolution possible. Change the ISO setting from "Auto" and set it to the highest possible value. Set the aperture as closed as possible (high F stop) and set the shutter speed as fast as possible. Fully obscure the camera lens with aluminum foil and take a couple of pictures, then magnify one of the pictures on the computer screen until you can clearly see distinct pixels. Notice how even though no light should have reached the lens, some of the pixels are brighter than others. Compare this to the other pictures you took of the covered lens, and look for differences between them. They might all be the same, or there might be some variations.
Then take the still-foil-wrapped camera and put it someplace cold for a while, and take another couple of pictures of blackness once it chills. Finally, warm it up to body temperature and take another set of pictures. Compare all three temperature pictures, and look for differences. You might find something like the cold sensor pictures have a more consistent level of black, while the warm sensor pictures have less consistent black. Or the other way around.
When you're bored of the camera, pull out the EM meter. Make various coils with the wire, and see if they affect the readings. See if having one end of the coil grounded makes a difference. See if grounding both ends makes a difference. See if having a person hold one end makes a difference. See if it makes a difference if the person is also running a video camera. See if it makes a difference if your cell phones are on or off. If you find a spot in the house with a strangely high EM reading, make a shield of aluminum foil and hook the wire to it and ground the other end, and see if that can change it.
Try various things to reproduce anomalies you may have seen on the TV shows. Come up with hypotheses, and create experiments to confirm your suspicions.
This attack had nothing to do with the cryptography used, and would succeed regardless of how the keys are cryptographically secured. Keyloq and 4096-bit RSA would both fail equally.
The attack concept was very simple: extend the range of the normal keyfob RF communications with a pair of radio repeaters, one of which is presented to the car as a surrogate, and the other is hidden near the victim's real key fob (perhaps a disguised repeater is hidden in their shopping cart while they were in a store.)
It's a common problem with security people. We get so focused on addressing the problems we already understand, such as "let's use a two inch anti-magnetic titanium deadbolt controlled by public key cryptography with a radioactive decay module for random number generation to ensure the IV is unrepeatable" that we forget to look beyond the existing security. And then some kid comes around and pops the locks by hacking a tire pressure monitor with an Arduino.
No, this wasn't a glaringly obvious attack, as it's incorporating a new attack idea to thwart defenses proposed by Ross Anderson after he demonstrated a similar attack on contactless credit cards a few years ago.
This was not a classic "man in the middle" attack, where the MITM has to pretend to be one end or the other. This was a "stretching the wireless attack". By using a pair of radio repeaters, the attackers were able to have one end next to the car, with an accomplice near the person with the keys.
Ross said the attack he demonstrated should be defeated by tightening up the timing protocol between the card and the terminal. In this case, the attackers tightened it up even further by leaving the signal as analog.
This attack is more suited to popping the locks once and then stealing the stuff inside; it would still be hard to directly steal the car. In order to start and operate a 'keyless' car, the key must be located inside the passenger compartment, and in order for it to stay running the key must remain inside the passenger compartment. In the case of the thieves, the accomplice would have to remain near the victim's key fob continually until the car was driven away. But I've never actually tried throwing the key out the window while my car was running and in "drive". I have the feeling it would shut off again as soon as the car's speed dropped to zero, but now I'm thinking this calls for an experiment...
Holy crap, I just saw below that San Francisco has rolling blackouts, and that California still has occasional power emergencies! I live in one of those countries!
See, there's one advantage to living in a flyover state. We still have adequate power.
It's not about making energy affordable. It's about modifying demand by holding consumers accountable.
There is no effort to build new power plants in this country. We're not adding new coal plants, because they pollute. We're not adding new nuclear plants, because we don't know how to handle nuclear waste. We're not building new dams, because we might kill an endangered fish, or wreck some historic valley. At most, we're adding tiny little windmills and tidal generators and solar farms that have no practical chance of keeping up with the growth of the population. As things stand today, we're in a bind.
So if we can't figure out how to build more generating capacity, our options are to either restrict growth, improve efficiency, or curb demand.
Restricting growth is not a realistic option. Improving efficiency is. The utilities do what they can from a generating standpoint to try to squeeze every watt from every therm they produce. They encourage us to improve efficiency economically, through rebates for replacing inefficient devices with energy star devices. And they curb demand by raising rates.
Because electrical plants have a finite capacity, as the plants reach their peak of production the utilities have one more trick. They fire up auxiliary generators to supply additional power to the grid. These are diesel or natural gas generating plants, often owned by large businesses as disaster recovery generators. They are very, very expensive to fuel and run. This only happens at times of peak demand, but the cost of peak generation is about ten times that of regular generation. The smart grid will allow utilities to charge higher rates to consumers during peak times, in order to encourage energy saving during peak times.
The smart grid can pass that information to consumer appliances. The grid can tell your dryer that "peak pricing is from 3:00 PM until 8:00 PM." Your dryer can then tell you "if you dry them now it will cost $3, but if you wait until 8 PM it will only cost $0.15." Or if you hit the "cheap" button, it will automatically delay operation until the peak period has ended.
Today we all pay peak rates 24x7, for everything. The peak charges are amortized across all the electricity we buy. The smart grid will let them keep from raising the prices for non-peak electricity. And it puts the information in your hands so you can make the decision.
There have been more than a dozen major power outages in the US since the 1960s. That's far from having even a single 9.
Then I don't think you understand the whole 9s concept. Uptime is referred to in terms of the percentage of time the resource is available. If a thing is there when you go to it half the time, its uptime is 50%. If the thing is there when you want it 999 times out of a thousand, its uptime is 99.9% That thing can be said to have "three nines" of uptime, because there are three nines in 99.9%.
It's often easier to think of the resource in terms of how often it goes away. Five nines (99.999%) equates to just over five minutes per year of downtime. Six nines is only about 31 seconds of downtime per year. The more nines, the exponentially more reliable the thing is.
The power grid in this country is extremely reliable. At my house, we lose power perhaps once per year, for just a few hours or so. I haven't measured, but I would estimate I have "five nines" of uptime.
So now let's take any one of the major blackouts that you're talking about, and assign an average value of 24 hours of downtime for each incident. Let's further assign an average value of 25% of the country was impacted by each incident. You claimed there were more than a dozen. Let's call it 20 incidents from 1960 to today. Those estimates are deliberately high, but that's OK for this purpose. Now we just do the math.
2011-1960 = 51 years, which is 51y * 365.25d/y * 24h/d = 447,066 hours.
480 is divided by the percent of the country affected, so 480 hours * 25% = 120 hours of downtime, total.
1 - (120 / 447,066) =.999731, * 100% = 99.9731% uptime. That's at least three nines of uptime. To an entire country of over 300 million people!
It's almost impossible to properly appreciate that level of reliability. I suggest spending some time in countries that have poor electrical grids, where rolling blackouts due to power shortages are scheduled daily.
Sure, we can blame some of that on standards and requirements laid out by the legislatures. "Add this to your 5th grade health class." "Add this to your 7th grade math class." Teachers are spending a lot of time pushing crap that a politician thought was important, not what's actually important. I wouldn't be surprised to find that 10% of classroom time is wasted on political agendas instead of learning. But it's not the entire problem.
A big part of the problem is refusal to accept discipline as an appropriate path. (Note that discipline does NOT mean corporal punishment.) If little Johnny Trouble is disrupting class again, the rest of them just sit there and read 'Dick and Jane' for the 17th time while the teacher spends an hour trotting him down to the behavioral psychologist's office. Little Johnny is talked at without effect, then put back in the classroom where he then disrupts it for the 18th time. Little Johnny needs to be efficiently removed from the classroom setting without the parent's approval, and without concern for his "feelings", as every other approach rewards his bad behavior. And yes, his teacher should be able to tell the other kids that little Johnny was kicked out because he was being naughty. Stigmatize the offense. It works.
I'm not blaming little Johnny here. I'm blaming the system for deciding that accommodating little Johnny's every whim is a viable approach to education. If little Johnny has to end up in "special school" for a month to work out his issues, that gives 24 other kids the chance to excel. If Mommy or Daddy feel that little Johnny is being stigmatized by being placed in special school, Mommy or Daddy can hire a specialist to work with little Johnny to figure out his problems and get him cooperating so he can return to the classroom. The schools don't have to abandon him, but they also don't have to keep him slowing down the mainstream.
School boards have to step up and recognize they must represent the 95% of kids who aren't little Johnny. They also have to stop acting as the supreme court of schoolhouse behavior, and stand up to the whiny parents who think their kid shouldn't have been singled out. "Sorry, ma'am, that's a decision between the teacher and the principal, not us. They were there, we were not. Their decision is final. Your alternative to special school is to move out of our district, and take little Johnny with you. Now if you would please sit down and shut up, we won't send your new district a full transcript of little Johnny's discipline issues. Have a nice day."
Another big part of the problem is refusal to accept failure as a possible outcome for a child. Instead of moving the class along and leaving little Johnny behind, the entire class is held back to little Johnny's level of non-progress. If little Johnny can't keep up, alter little Johnny's schedule, not the whole class. There can be a standard pace, and it can be set to the pace of the average student. It doesn't have to be hyperaccelerated, but without the anchor of slow students, it will certainly speed up.
"No child left behind" takes the Garrison Keeler joke of "Lake Woebegone, where all the children are above average" and tries to apply it legislatively, which is absurd. 5% of the children will always be the bottom 5% of the children. So far all it's accomplished is that we've proven that we can't squeeze 5% up into the bell curve without squeezing down the middle 90% to hide them.
That's the problem with whining about the insignificant amount of data on your phone. It still hides the real problem, which is that you willingly gave the data to random third parties who promised to make your life better by "connecting you with friends" or "sharing your thoughts".
Where it gets interesting is if your phone has a gateway back to your own personal systems. Can the police traverse the link back to your house, and start reading what's on your hard disk via the phone? They may not even know they've "left" the phone's data and started using your network to do so. And can they traverse the other links back to your corporate email systems, and read company-sensitive stuff?
I'm wondering about training, though. Here we have an ordinary cop with full access to your phone, who has no computer forensic training and no oversight, and who can just stomp all over your data changing bits at will. And who's to say he isn't adding contact information showing your "obvious" known associations with Tony Soprano? Now he can suggest you're headed for Federal PMITA prison, unless you "cooperate". It's certainly easier to plant phony electronic "evidence" on the scene than cocaine or a smoking gun.
They've been around for a long, long time. Someone added application permission hours to our mainframe to disable certain game programs (Adventure) until after school hours. This was back in the 1970s.
You're talking about open container laws, which really should be thrown out. Either the driver is drunk or he is not. Whether or not the open bottle is in the cab does not have any impact on his current state. Open container is a horrible, insane "pre-crime" law (guess who just watched Minority Report on cable this weekend?)
If you're on a jury and agree with this sentiment, be sure to vote to nullify any charges on open container. You can still vote guilty on the drunk driving charges themselves, but open bottle laws are just stupid. All they do is lead to excessive littering.
I don't "like" anything. I am talking about unhealthy behavior. I don't care if you smoke and eat yourself to death.
Well I care. According to the tobacco companies, smokers are much more likely to die quickly of a heart attack long before needing expensive health care treatments to preserve their lives, so we save lots of valuable health care insurance money all thanks to smoking!
What about if tax laws become so complex that the government mandates the use of filing software to ensure proper compliance with them?
I filled out a tax form on property depreciation once, decades ago, that had in the instructions "estimated time you will need to understand this form and fill it out: 40 hours." So I may have filled out the form incorrectly, but realized I had no practical way of knowing for sure if it was right. Software would have been able to ensure it was filled out properly.
They're already creating laws so complex that filing software (or hiring an expert) is the only economically practical way to comply. I suppose my best option at this point is to demand that congress simplify the tax laws, before they force me to buy software. As if.
I already have an app to set my phone to "silent" as I approach the building at work. Not that I need to be told that it's wrong to have a noisy phone at work, but I do forget to silence it. It's one less thing cluttering up my already cluttered brain.
I silence my cell phone in the theater, sometimes because I remember but sometimes because the annoying video clip reminds me to.
I always remember to silence my cell phone at important events, such as theatrical plays, funerals, ceremonies, etc, because they're uncommon. Before such events I mentally go through a list of "are you prepared to be here?" kinds of things.
So I'd love a "location service" that says "hey, you're within the walls of something deemed a 'theater' or a 'restaurant, 3+ stars', I'll go silent." It would help me be polite at times when it might not occur to me otherwise. But I'd be the one choosing to use it out of respect for my fellow patrons, and not having it imposed upon me by a self-important restauranteur and an obsequious cell phone company.
The jury is still out for me. I'm tempted to not use the auto high beams any more. They don't work nearly as well as you might hope. They go to high beam just fine, but they don't dim themselves as early as I would choose to do so, and I find I'm constantly overriding them.
I agree that technology can help and is generally beneficial, its the attitudes around its use that bother me. Its an asset or a tool not a replacement for personal responsibility when operating heavy machinery.
You may feel that way, but Sally Soccermom doesn't give a damn what you think, and she's out there driving, too. As far as I can tell, she outnumbers you about 10 to 1. So anything that gives her a chance to drive safer without running me off the road in the process is a plus.
Of course, I'm not so sure I want to be sharing the road with Aaron "I don't need no safety shit to tell me how to drive" Arrogant, but I apparently have no choice in that matter, either.
The government doesn't care if your car is at an inappropriate destination. They already can see if your cell phone is there.
The current auto-drive stuff Google is testing will handle much of what you describe. And current humans are already quite bad at handling the rest of it, as the complexity and speed of it unfolding does overwhelm many of them.
I don't think it would be any worse than many of the regular drivers out there, and far better than most cell phone users or drunks.
And what's wrong with assisted driving technology? It saves lives!
The technology that assists the driver of a modern car drive it safely is amazing. Radar assisted cruise control helps avoid driver frustration because their speed doesn't match the speed of the car ahead of them. Blind spot systems that watch the corners of your vehicle you can't see out the windows and in the mirrors. Backup cameras to avoid running over your children in the driveway. Collision avoidance warning indicators flash a simple red light bar and sound a tone to startle the driver in the event of an impending collision. Head up displays help to keep eyes on the road. Traction control helps avoids spinouts. Stability control helps avoid rollovers. Antilock brakes help stop shorter and quicker. Pre-charged brakes help stop suddenly if the driver isn't assertive enough when attempting to avoid a collision. Voice control to operate the technology without removing your hands from the wheel or eyes from the road.
And then there are the tech features designed to improve survivability of an accident. Pretensioning seat belts. Adaptive airbags. Autodialing 911.
All those mean much more to Soccermom Sally than the difference between 225HP and 235HP. Yes, the gearheads want their superchargers, and they're available too. But the market sells to everyone, not just the Top Gear enthusiasts. And a lot more paying customers value safety and comfort over raw horsepower numbers.
It seems odd to me that it's a good idea for the car to continue to drive away from its key. But I understand from a safety perspective they don't want to power down the engine on the freeway just because the battery in the fob went dead.
After the "no key" alert is shown to the driver, does your car refuse to proceed after having been stopped and the transmission put in park?
And that's stupid. My car does not have a bus and guess what, it works - the lights turn on when I switch them on, I can see the speed on my speedometer, I can also see the coolant temperature, oil pressure and fuel level too.
Stupid? Hardly. The systems on a modern car work together better than anything even a few years old, and incorporate everything from diagnostics and maintenance to navigation, safety, performance, and fuel efficiency, just to name a few. These cars automatically redistribute power from the rear wheels to the front wheels in the event of lost traction. They'll auto adjust the cruise control speed to maintain a relaxed following distance if the car ahead is traveling slower than it's set for, reducing driver anxiety. They can modulate the brakes and stiffen the suspension in a slide to help prevent rollovers. They can provide almost a second of warning to the driver in the event of an impending front-end collision. They warn the driver if there are vehicles in the blind spots. And they provide back-up cameras to prevent accidentally running over unseen children in the driveway.
And in the event of an accident, the correct air bags deploy at a speed appropriate for the situation, the doors unlock, the lights come on, and tries to auto-dial the driver's cell phone to 911. The frame is designed to passively protect the occupants by absorbing a serious impact through the distortion of metal all around the vehicle, and they have been design tested in thousands of simulations, backed up by real world crash data.
There is nothing stupid about these systems. They work, all the time, in real world conditions with real world drivers. They save lives.
There are from 50 to 70 tiny computers hanging off the bus interconnecting the computers on a modern car...
That's why I like my old car - it only has a few "computers" and most of them consist of a few transistors and electromechanical relays.
That just sadly sounds like a bitter old guy saying "and that's why my old 80486 runnin' Windows 3.1 is better than your fancy quad-core i7. It can't hardly do nothin', but it does everything I need and that's the way I likes it." It's a very tired argument against progress, and isn't terribly believable.
There's nothing wrong with enjoying a classic car for what it is, but it seems disingenuous to suggest that it's a comparable substitute to a modern vehicle.
The attack concept was very simple: extend the range of the normal keyfob RF communications with a pair of radio repeaters, one of which is presented to the car as a surrogate, and the other is hidden near the victim's real key fob (perhaps a disguised repeater is hidden in their shopping cart while they were in a store.)
Low tech solution - put a switch on the key fob that disables the communications unless you press it. If the owner does not have a habit of constantly pressing the button then this sort of attack won't work.
The key has two independent RF behaviors. One is the active transmitter, which sends the ordinary "door lock" types of signals, and is not the issue here. The other acts like an RFID card. It is always on, passively looking for a signal from the car, at which point it will respond with its coded info. This signal must be responsive at all times when the car is operating, or otherwise the car thinks the key isn't present and shuts the engine off. A momentary switch will not work. It would have to be a toggle.
The convenient appeal of these keys is that you just keep it in your pocket or purse, and you don't have to touch it at all. If the driver's door RF reader senses the key, it unlocks the driver's door. If the start button is pressed, and the interior RF reader senses the key, it starts the motor. Flipping a switch on the remote would counter the ease of use, and would not be used by the general public who buy these cars. They would just leave it toggled on 100% of the time.
Honestly, their auto insurance protects their interests better than a switch they would never use.
And then some kid comes around and pops the locks by hacking a tire pressure monitor with an Arduino.
Why would a car lock and tire pressure monitor be connected in any way?
That's exactly the kind of thinking that leads to security holes. If you assume they have no reason to be connected, you wouldn't suspect them. Yet they are both connected to the car's bus.
There are from 50 to 70 tiny computers hanging off the bus interconnecting the computers on a modern car, and include everything from the anti-lock brake system to the gas tank sender. Think about the computer that manages the engine. It sends out the car's speed on the bus every second or so. When the instrument console system sees the speed on the bus it displays it on the speedometer. The safety and security system also watches the speed on the bus, and has a rule that if it exceeds 4 MPH it auto-locks the doors. It also has a safety rule that says to auto-unlock all the doors for the rescuers if the airbags ever deploy.
The four tire pressure monitors each send an RF signal every ninety seconds indicating tire pressure. The tire pressure RF receiver reads the data and puts the tire's pressure on the bus, perhaps sending a message like "TIRE(3)PSI=35". The instrument console system watches the pressure messages and warns the driver if they're ever out of range.
But what if there's a buffer overflow mistake in the tire pressure data RF receiver? What if I transmit an RF message pretending to be from tire #3 saying the tire pressure is "35<NULL>AIRBAG(1)DEPLOYED=TRUE" and the whole thing is put on the bus?
*click*
That's how you get security problems.
Any ghost hypothesis has got to have some sort of description of what a ghost is (varies across cultures) and what effects it would have on the measurable world. This could mean anything to anyone, so while you're having someone explain it to you, you might also get them to pick up the burden of proof.
Also get them to pick up the bar tab. No reason it shouldn't be a profitable exchange.
OK, well then go ahead and bring some common types of detection gear. Bring a digital camera (DSLR would be best, but bring the most sensitive you've got.) If you can find one, bring an EM detector. Perhaps bring a multi-band radio, one that has a manual squelch so you can hear the static, and with a portable antenna. Maybe an optical distance thermometer. And bring a video camera.
Also bring some experimenting supplies. Aluminum foil and wire would be good. Duct tape and some tripods will be useful, as will a few ordinary tools (a multi-tool knife/pliers thing would probably suffice.) Various clear plastic bags. If you can, get different color LED flashlights to look at things under different colors of light. Plain white paper. A box to put stuff in.
Go over how each of the things you brought detects something, then amplifies the results so you can see it. The camera detects light with a CMOS sensor, and does so in 1/60th of a second; the EM detector detects lines of magnetic flux with a coil of wire, etc.
Explain how every sensor has its limits. For example, a light switch is a sensor of human fingers. It doesn't switch itself, a person has to push harder than the internal spring to toggle the lights. The light switch can't detect humans that don't press hard enough, but the lack of flipping doesn't prove there's no human there. Note also that the lack of flipping doesn't prove there IS a human there, either. Then take out the camera and explain how the CMOS sensor has a similar threshold, and requires a certain amount of light. Anything below that threshold proves only that there wasn't enough light.
If a camera sensor has no light at all when you press the shutter, you'll find that the sensor is not perfect, and not all the cells are exactly pure black. The differences in the individual cells will show up as variations in black.
Set the camera to RAW mode, or to the highest resolution possible. Change the ISO setting from "Auto" and set it to the highest possible value. Set the aperture as closed as possible (high F stop) and set the shutter speed as fast as possible. Fully obscure the camera lens with aluminum foil and take a couple of pictures, then magnify one of the pictures on the computer screen until you can clearly see distinct pixels. Notice how even though no light should have reached the lens, some of the pixels are brighter than others. Compare this to the other pictures you took of the covered lens, and look for differences between them. They might all be the same, or there might be some variations.
Then take the still-foil-wrapped camera and put it someplace cold for a while, and take another couple of pictures of blackness once it chills. Finally, warm it up to body temperature and take another set of pictures. Compare all three temperature pictures, and look for differences. You might find something like the cold sensor pictures have a more consistent level of black, while the warm sensor pictures have less consistent black. Or the other way around.
When you're bored of the camera, pull out the EM meter. Make various coils with the wire, and see if they affect the readings. See if having one end of the coil grounded makes a difference. See if grounding both ends makes a difference. See if having a person hold one end makes a difference. See if it makes a difference if the person is also running a video camera. See if it makes a difference if your cell phones are on or off. If you find a spot in the house with a strangely high EM reading, make a shield of aluminum foil and hook the wire to it and ground the other end, and see if that can change it.
Try various things to reproduce anomalies you may have seen on the TV shows. Come up with hypotheses, and create experiments to confirm your suspicions.
Bring some common fucking sense, and a stick to hit those who didn't bring any?
This attack had nothing to do with the cryptography used, and would succeed regardless of how the keys are cryptographically secured. Keyloq and 4096-bit RSA would both fail equally.
The attack concept was very simple: extend the range of the normal keyfob RF communications with a pair of radio repeaters, one of which is presented to the car as a surrogate, and the other is hidden near the victim's real key fob (perhaps a disguised repeater is hidden in their shopping cart while they were in a store.)
It's a common problem with security people. We get so focused on addressing the problems we already understand, such as "let's use a two inch anti-magnetic titanium deadbolt controlled by public key cryptography with a radioactive decay module for random number generation to ensure the IV is unrepeatable" that we forget to look beyond the existing security. And then some kid comes around and pops the locks by hacking a tire pressure monitor with an Arduino.
No, this wasn't a glaringly obvious attack, as it's incorporating a new attack idea to thwart defenses proposed by Ross Anderson after he demonstrated a similar attack on contactless credit cards a few years ago.
This was not a classic "man in the middle" attack, where the MITM has to pretend to be one end or the other. This was a "stretching the wireless attack". By using a pair of radio repeaters, the attackers were able to have one end next to the car, with an accomplice near the person with the keys.
Ross said the attack he demonstrated should be defeated by tightening up the timing protocol between the card and the terminal. In this case, the attackers tightened it up even further by leaving the signal as analog.
This attack is more suited to popping the locks once and then stealing the stuff inside; it would still be hard to directly steal the car. In order to start and operate a 'keyless' car, the key must be located inside the passenger compartment, and in order for it to stay running the key must remain inside the passenger compartment. In the case of the thieves, the accomplice would have to remain near the victim's key fob continually until the car was driven away. But I've never actually tried throwing the key out the window while my car was running and in "drive". I have the feeling it would shut off again as soon as the car's speed dropped to zero, but now I'm thinking this calls for an experiment...
Holy crap, I just saw below that San Francisco has rolling blackouts, and that California still has occasional power emergencies! I live in one of those countries!
See, there's one advantage to living in a flyover state. We still have adequate power.
It's not about making energy affordable. It's about modifying demand by holding consumers accountable.
There is no effort to build new power plants in this country. We're not adding new coal plants, because they pollute. We're not adding new nuclear plants, because we don't know how to handle nuclear waste. We're not building new dams, because we might kill an endangered fish, or wreck some historic valley. At most, we're adding tiny little windmills and tidal generators and solar farms that have no practical chance of keeping up with the growth of the population. As things stand today, we're in a bind.
So if we can't figure out how to build more generating capacity, our options are to either restrict growth, improve efficiency, or curb demand.
Restricting growth is not a realistic option. Improving efficiency is. The utilities do what they can from a generating standpoint to try to squeeze every watt from every therm they produce. They encourage us to improve efficiency economically, through rebates for replacing inefficient devices with energy star devices. And they curb demand by raising rates.
Because electrical plants have a finite capacity, as the plants reach their peak of production the utilities have one more trick. They fire up auxiliary generators to supply additional power to the grid. These are diesel or natural gas generating plants, often owned by large businesses as disaster recovery generators. They are very, very expensive to fuel and run. This only happens at times of peak demand, but the cost of peak generation is about ten times that of regular generation. The smart grid will allow utilities to charge higher rates to consumers during peak times, in order to encourage energy saving during peak times.
The smart grid can pass that information to consumer appliances. The grid can tell your dryer that "peak pricing is from 3:00 PM until 8:00 PM." Your dryer can then tell you "if you dry them now it will cost $3, but if you wait until 8 PM it will only cost $0.15." Or if you hit the "cheap" button, it will automatically delay operation until the peak period has ended.
Today we all pay peak rates 24x7, for everything. The peak charges are amortized across all the electricity we buy. The smart grid will let them keep from raising the prices for non-peak electricity. And it puts the information in your hands so you can make the decision.
There have been more than a dozen major power outages in the US since the 1960s. That's far from having even a single 9.
Then I don't think you understand the whole 9s concept. Uptime is referred to in terms of the percentage of time the resource is available. If a thing is there when you go to it half the time, its uptime is 50%. If the thing is there when you want it 999 times out of a thousand, its uptime is 99.9% That thing can be said to have "three nines" of uptime, because there are three nines in 99.9%.
It's often easier to think of the resource in terms of how often it goes away. Five nines (99.999%) equates to just over five minutes per year of downtime. Six nines is only about 31 seconds of downtime per year. The more nines, the exponentially more reliable the thing is.
The power grid in this country is extremely reliable. At my house, we lose power perhaps once per year, for just a few hours or so. I haven't measured, but I would estimate I have "five nines" of uptime.
So now let's take any one of the major blackouts that you're talking about, and assign an average value of 24 hours of downtime for each incident. Let's further assign an average value of 25% of the country was impacted by each incident. You claimed there were more than a dozen. Let's call it 20 incidents from 1960 to today. Those estimates are deliberately high, but that's OK for this purpose. Now we just do the math.
2011-1960 = 51 years, which is 51y * 365.25d/y * 24h/d = 447,066 hours.
24 hours * 20 incidents = 480 hours of downtime incidents.
480 is divided by the percent of the country affected, so 480 hours * 25% = 120 hours of downtime, total.
1 - (120 / 447,066) = .999731, * 100% = 99.9731% uptime. That's at least three nines of uptime. To an entire country of over 300 million people!
It's almost impossible to properly appreciate that level of reliability. I suggest spending some time in countries that have poor electrical grids, where rolling blackouts due to power shortages are scheduled daily.
I had 1:20 as the original ratio, but 20 was an unrealistically small class size in today's schools. Didn't change the percents to follow, sorry.
Sure, we can blame some of that on standards and requirements laid out by the legislatures. "Add this to your 5th grade health class." "Add this to your 7th grade math class." Teachers are spending a lot of time pushing crap that a politician thought was important, not what's actually important. I wouldn't be surprised to find that 10% of classroom time is wasted on political agendas instead of learning. But it's not the entire problem.
A big part of the problem is refusal to accept discipline as an appropriate path. (Note that discipline does NOT mean corporal punishment.) If little Johnny Trouble is disrupting class again, the rest of them just sit there and read 'Dick and Jane' for the 17th time while the teacher spends an hour trotting him down to the behavioral psychologist's office. Little Johnny is talked at without effect, then put back in the classroom where he then disrupts it for the 18th time. Little Johnny needs to be efficiently removed from the classroom setting without the parent's approval, and without concern for his "feelings", as every other approach rewards his bad behavior. And yes, his teacher should be able to tell the other kids that little Johnny was kicked out because he was being naughty. Stigmatize the offense. It works.
I'm not blaming little Johnny here. I'm blaming the system for deciding that accommodating little Johnny's every whim is a viable approach to education. If little Johnny has to end up in "special school" for a month to work out his issues, that gives 24 other kids the chance to excel. If Mommy or Daddy feel that little Johnny is being stigmatized by being placed in special school, Mommy or Daddy can hire a specialist to work with little Johnny to figure out his problems and get him cooperating so he can return to the classroom. The schools don't have to abandon him, but they also don't have to keep him slowing down the mainstream.
School boards have to step up and recognize they must represent the 95% of kids who aren't little Johnny. They also have to stop acting as the supreme court of schoolhouse behavior, and stand up to the whiny parents who think their kid shouldn't have been singled out. "Sorry, ma'am, that's a decision between the teacher and the principal, not us. They were there, we were not. Their decision is final. Your alternative to special school is to move out of our district, and take little Johnny with you. Now if you would please sit down and shut up, we won't send your new district a full transcript of little Johnny's discipline issues. Have a nice day."
Another big part of the problem is refusal to accept failure as a possible outcome for a child. Instead of moving the class along and leaving little Johnny behind, the entire class is held back to little Johnny's level of non-progress. If little Johnny can't keep up, alter little Johnny's schedule, not the whole class. There can be a standard pace, and it can be set to the pace of the average student. It doesn't have to be hyperaccelerated, but without the anchor of slow students, it will certainly speed up.
"No child left behind" takes the Garrison Keeler joke of "Lake Woebegone, where all the children are above average" and tries to apply it legislatively, which is absurd. 5% of the children will always be the bottom 5% of the children. So far all it's accomplished is that we've proven that we can't squeeze 5% up into the bell curve without squeezing down the middle 90% to hide them.
This.
That's the problem with whining about the insignificant amount of data on your phone. It still hides the real problem, which is that you willingly gave the data to random third parties who promised to make your life better by "connecting you with friends" or "sharing your thoughts".
Where it gets interesting is if your phone has a gateway back to your own personal systems. Can the police traverse the link back to your house, and start reading what's on your hard disk via the phone? They may not even know they've "left" the phone's data and started using your network to do so. And can they traverse the other links back to your corporate email systems, and read company-sensitive stuff?
I'm wondering about training, though. Here we have an ordinary cop with full access to your phone, who has no computer forensic training and no oversight, and who can just stomp all over your data changing bits at will. And who's to say he isn't adding contact information showing your "obvious" known associations with Tony Soprano? Now he can suggest you're headed for Federal PMITA prison, unless you "cooperate". It's certainly easier to plant phony electronic "evidence" on the scene than cocaine or a smoking gun.
Yeah, I didn't download that app either.
They've been around for a long, long time. Someone added application permission hours to our mainframe to disable certain game programs (Adventure) until after school hours. This was back in the 1970s.
You're talking about open container laws, which really should be thrown out. Either the driver is drunk or he is not. Whether or not the open bottle is in the cab does not have any impact on his current state. Open container is a horrible, insane "pre-crime" law (guess who just watched Minority Report on cable this weekend?)
If you're on a jury and agree with this sentiment, be sure to vote to nullify any charges on open container. You can still vote guilty on the drunk driving charges themselves, but open bottle laws are just stupid. All they do is lead to excessive littering.
I don't "like" anything. I am talking about unhealthy behavior. I don't care if you smoke and eat yourself to death.
Well I care. According to the tobacco companies, smokers are much more likely to die quickly of a heart attack long before needing expensive health care treatments to preserve their lives, so we save lots of valuable health care insurance money all thanks to smoking!
Thanks, smokers, you keep my rates down!
</snark>
What about if tax laws become so complex that the government mandates the use of filing software to ensure proper compliance with them?
I filled out a tax form on property depreciation once, decades ago, that had in the instructions "estimated time you will need to understand this form and fill it out: 40 hours." So I may have filled out the form incorrectly, but realized I had no practical way of knowing for sure if it was right. Software would have been able to ensure it was filled out properly.
They're already creating laws so complex that filing software (or hiring an expert) is the only economically practical way to comply. I suppose my best option at this point is to demand that congress simplify the tax laws, before they force me to buy software. As if.
Convenience.
I already have an app to set my phone to "silent" as I approach the building at work. Not that I need to be told that it's wrong to have a noisy phone at work, but I do forget to silence it. It's one less thing cluttering up my already cluttered brain.
I silence my cell phone in the theater, sometimes because I remember but sometimes because the annoying video clip reminds me to.
I always remember to silence my cell phone at important events, such as theatrical plays, funerals, ceremonies, etc, because they're uncommon. Before such events I mentally go through a list of "are you prepared to be here?" kinds of things.
So I'd love a "location service" that says "hey, you're within the walls of something deemed a 'theater' or a 'restaurant, 3+ stars', I'll go silent." It would help me be polite at times when it might not occur to me otherwise. But I'd be the one choosing to use it out of respect for my fellow patrons, and not having it imposed upon me by a self-important restauranteur and an obsequious cell phone company.