As I understand Indecent levels, level 3 tops out just before the actual release of radioactive materials outside the plant. Once you have materials leaving the plant in an uncontrolled manner, we are at Level 4.
The US federal government should sell NSA, piece by piece. Interested bidders might be Google, Amazon, Microsoft, China, Russia, Switzerland, Israel, Comcast, Verizon, Cisco, MIT, Harvard, Stanford, the Vatican, New Jersey, Texas, Qatar, the Republican Party, the Democratic Party, the US Senate...
You foolishly assume Google, Amazon, Microsoft et. all don't already have better collection systems and are interested in what the NSA has to sell..
Plus.. Remember that the Senate cannot buy anything without the house giving them the money.
Except this isn't what the NSA is doing, They are spying on US Citizens you say only 80 Americans have been spied on does that include the 16,000 Secret warrants, which we have no idea what they have been used for because its classified..
I challenge you then to produce 16,000 victims of improper evidence gathering by the NSA... Problem for this argument is that there are exactly ZERO people who have been charged from such warrants or convicted of crimes due to the existence of such evidence. Not to mention that the granting of a warrant means the Judge agreed there was sufficient reason to conduct the search which, by definition, makes the gathering of it legal.
So, go get a true case of somebody who was charged and convicted based on classified evidence collected by the NSA under one of these warrants... I'm guessing you won't find anybody. In fact, I'm guessing you will only find cases where the charges where supported by unclassified evidence, where the classified part wasn't necessary to secure a conviction. There will be lots of bluster about not having access to this classified evidence, but no cases where classified evidence was actually used.
Sounds like they have a handle on security, for the most part. However, I've lived under much more authoritarian network setups. We use a virtual machine for internet access that connects though a VPN connection to the company proxy. You don't get to the internet any other way, even if you are not on the company network. There are a few exceptions to this rule, but in general you go though the browser in the virtual machine. The Virtual machine has no access to the local network, only the VPN connection, and gets reloaded every day. It's not fool proof, but it's about as secure as I can imagine.
But I've worked at places where network security was basically a joke. The thought they had good security, but it was easily and routinely side stepped. A guy I worked with had an SSH connection that would automatically be made with a server in his home when he send an E-mail to a specific address. So, any time he wanted, he could access anything inside the network by setting up a PPP connection though his home server. It came in handy for him I guess, but it was a security hole big enough to drive a bus though.
I was being sarcastic. There are those on SlashDot who would see this as a really bad breach of security because the reverse engineering of this would be *possible* even if highly improbable.
Personally, I don't figure the manufacturers are going to walk away from sending you to the dealer for software upgrades. The dealers won't stand for it and the last thing the manufacturers want is a balky set of dealers. Really, most autos don't require firmware updates. Traditionally it's always been difficult to do these and manufacturers just don't update that often. They'd rather you buy a new car, and sending you to the dealer only helps in this. They really want you walking around the new car lot being hounded by sales people because a few folks might actually *buy* that new car.
Originally patents were for 13 years with one renewal by the original Person that applies and copyright was for 17 years with one renewal by the original Person that applies.
Go back to that and all the problems disappear.
Along with most of the patents in the world... But that's your point right?
Call me a fan boy but iOS is a much better world to work and play in
Where I cannot argue, I must point out that iOS pretty much locks you into a single vendor. You have to buy your development equipment AND your devices from ONE vendor. Further, if that vendor decides your app doesn't meet with their approval? You are OUT of business.
But if you like iOS, then power to you. If the vendor likes your app, that's great too. Just don't come crying to me when iOS 9 breaks everything or the vendor decides to make your life harder and more expensive.
This is a Lexus, I mean Toyota, I mean Lexus... If you can afford one of those, who's going to complain about an $800 GPS upgrade?
Seriously, look into what he *PAID* for the GPS option on the sticker price. You think the $800 update is soaking you. The GPS option on my last car 5 years ago was $3k and DIDN'T come with updates. The sad thing is that literally EVERYTHING but the GPS receiver already was in the car. The display, computer, the Controls, the antenna the wiring where ALL there. They wanted 3K to load the software and install a GPS receiver? No way.
For that kind of money, you can buy a consumer GPS unit with voice commands and lifetime maps and have enough money to buy a new one every year for the expected life of the car.
Unless you just have money to burn, don't bother with the built in GPS thingy in a new car. Now, if you have the money, power to you.
Go further.. It goes back to the dealers, though the GM, though the manager, to the salesman who's job it is to milk the customer out of as much hard earned cash as he can. Then to the finance guy who gets the next bite of the apple. Finally it ends up at the service manager who conspires to take as much of your cash for "maintenance" as can be managed. Do you *know* what a dealer gets to change the oil? Heaven forbid he actually has to replace a part at your expense.
I'm very glad the project is going forward. But, 10 years?! I have to think the turnaround time could be improved with a little effort, imagination, and courage.
You must be a project manager who doesn't work on government projects. Come on, this is the EU we are talking about. It's going to take them at least half that time to be on holiday.
Tech Support: Can you please supply your VIN so I can cross check your support level...
Customer: Oh yes, let me read that off the door it's...... (customer reads and confirms the VIN)
Tech Support: Thank you for your VIN, I will verify your support level now..
Customer: Uh, Ok, but my car is broken and I got to get it fixed before the day care closes... How long will this take.
Tech Support: It shouldn't take too long, but our computers have been rather slow today.
Tech Support: Well, sir, That VIN is valid and I see you didn't purchase the extended manufacturer's warranty option.
Customer: Well, yes, that's right, the salesman said it was a reliable car and I figured I didn't need it. So can you help me?
Tech Support: We offer support on the Web for our customers who are out of warranty, OR if you wish, we can extend your warranty now for a small fee.
Customer: How much?
Tech Support: The 10 year 100K mile option is only $3,000, we take all major credit cards.
Customer: HOW MUCH?
Tech Support: $3,000, we also offer a payment plan option...
Customer: I'll bet you do, any other options because I DON'T have $3,000 and because I'm still paying for the car, I have no extra money for monthly service. I guess I'm going to have to see what's on the web...
Tech Support: Well, we do offer a one call, all the support you can get for $200, but it's only good for one call.
Customer: Well, I need my car so I guess I'll have to go with that option. You say you take credit cards?
Tech Support: Any major credit card will do.... (They exchange credit card details and the customer is charged)
Customer: Great, so what can I do to get my car fixed...
Tech Support: Have you tried turning it off and on again?
Customer: Yes, I just did that again to be sure..
Tech Support: So no lights or anything on the dash?
Customer: Nothing.... (pause)
Tech Support: I'm going to have to escalate this call to 2nd level support. Hang on while I transfer the call.
You don't, or at least you will be better off going to the dealer.
Doing the firmware updates to your car yourself IS possible, but usually this involves buying the necessary tools and software from the manufacturer or a third party who has reverse engineered the tools. I can tell you that all these tools are pretty expensive and unless you are able to spread the cost out over a fleet of cars it's going to be cheaper to let the dealer do it.
For example, I was trying to get additional keys made for my Honda. With Honda (and most manufacturers) you have to have a programming tool you hook up to the car to register the keys. Dealers charge about $250 for three keys and programming. Only about $60 of that is for the keys. The rest is for the labor to hook up the tool and program the keys, which takes about 10 min. The tools to do this yourself, start at about $600 in this case and it is unlikely that you'd ever use it more than once. It's just cheaper to go to the dealer, as much as I hate paying Them $200 for 10 min work.
- Your phone only is intended to last about 2 years, manufactures don't support these devices beyond this time because you are expected to replace it. Cars are expected to have 5x that lifespan (if not more) and ARE supported.
- A malfunction in a critical system in a car can easily kill somebody and cause property damage, a malfunctioning phone just becomes a useless object (i.e. a brick) when the firmware update gets scrambled.
- Cars are "critical infrastructure" for most people, you need it to go to work, get to the store, pick up the kids at day care, phones are (even today) unnecessary in the short term.
\So the idea that the dealer is somehow safer, is purely insane.
Not really. Where I get there is an attack vector there, it is a whole lot more indirect than just messing with the car. Are suggesting that somebody might try an attack that involves hacking into the dealer's diagnostic equipment to replace the firmware files with hacked ones so that the dealer will propagate said hack onto customer's cars to do some bad thing to somebody? Seems that there are a whole lot more convenient ways to go about this to me, so Yes, I feel safer having the dealer update my car's firmware.
How about firmware updates that a user can just download off the manufacturer's website, save on a USB stick, and insert it into a USB port somewhere on the dash?
A little less convenient than OTA, but with lesser risks, and still a whole lot more convenient than going to the dealer's service department.
No, I don't see *any* possible ways to hack that update path. Not one thing comes to mind.
Actually, manufacturers PAY dealers for warranty work. So the dealers make bucks for recalls. Maybe not as much as when they catch a live one that lets them do all the "routine service" stuff too, but they make money on recalls.
Which is NOT what the FCC wants from ISP's. There can be no "most favored packet" routes based on who is sending or receiving the packet. So Netflix packets get no special priority (positive or negative). ISP's won't be able to throttle, manage or shape data flowing in their networks. All they can do is route packets without respect for who they come from, where they are going or what they contain.
But they can treat different packets differently in the same way as the Post Office handles letter and parcels differently.
Based on what? The packet size, port numbers and IP addresses?
Isn't that the whole point here? That the FCC doesn't want ISP's to have the right to filter or load shape certain content that originates or is destine to specific providers and customers? If we let them filter on port and/or IP addresses, you don't have what the FCC is trying to do.
As I understand Indecent levels, level 3 tops out just before the actual release of radioactive materials outside the plant. Once you have materials leaving the plant in an uncontrolled manner, we are at Level 4.
http://en.wikipedia.org/wiki/I...
The only way I've known to really make serious coin on some FOSS project is to write the book.
Ok.. Yea, there are other ways, but it's the book writer we all remember.
Not even close.
The original poster was making the claim that *somebody* had been harmed. I'm asking for specific evidence of that happening.
So, to use your illustration.... Who's had their car run over or their house knocked down?
But realistically what are the chances that another mobile OS is going to displace IOS or Android? Very VERY low.
All we had before Android came out was iOS, Windows CE, and Blackberry...
I don't see a reason not to try, sometimes it works out.
I hear ya!
Oh.. Wait...
The US federal government should sell NSA, piece by piece. Interested bidders might be Google, Amazon, Microsoft, China, Russia, Switzerland, Israel, Comcast, Verizon, Cisco, MIT, Harvard, Stanford, the Vatican, New Jersey, Texas, Qatar, the Republican Party, the Democratic Party, the US Senate...
You foolishly assume Google, Amazon, Microsoft et. all don't already have better collection systems and are interested in what the NSA has to sell..
Plus.. Remember that the Senate cannot buy anything without the house giving them the money.
Except this isn't what the NSA is doing, They are spying on US Citizens you say only 80 Americans have been spied on does that include the 16,000 Secret warrants, which we have no idea what they have been used for because its classified..
I challenge you then to produce 16,000 victims of improper evidence gathering by the NSA... Problem for this argument is that there are exactly ZERO people who have been charged from such warrants or convicted of crimes due to the existence of such evidence. Not to mention that the granting of a warrant means the Judge agreed there was sufficient reason to conduct the search which, by definition, makes the gathering of it legal.
So, go get a true case of somebody who was charged and convicted based on classified evidence collected by the NSA under one of these warrants... I'm guessing you won't find anybody. In fact, I'm guessing you will only find cases where the charges where supported by unclassified evidence, where the classified part wasn't necessary to secure a conviction. There will be lots of bluster about not having access to this classified evidence, but no cases where classified evidence was actually used.
Sounds like they have a handle on security, for the most part. However, I've lived under much more authoritarian network setups. We use a virtual machine for internet access that connects though a VPN connection to the company proxy. You don't get to the internet any other way, even if you are not on the company network. There are a few exceptions to this rule, but in general you go though the browser in the virtual machine. The Virtual machine has no access to the local network, only the VPN connection, and gets reloaded every day. It's not fool proof, but it's about as secure as I can imagine.
But I've worked at places where network security was basically a joke. The thought they had good security, but it was easily and routinely side stepped. A guy I worked with had an SSH connection that would automatically be made with a server in his home when he send an E-mail to a specific address. So, any time he wanted, he could access anything inside the network by setting up a PPP connection though his home server. It came in handy for him I guess, but it was a security hole big enough to drive a bus though.
I was being sarcastic. There are those on SlashDot who would see this as a really bad breach of security because the reverse engineering of this would be *possible* even if highly improbable.
Personally, I don't figure the manufacturers are going to walk away from sending you to the dealer for software upgrades. The dealers won't stand for it and the last thing the manufacturers want is a balky set of dealers. Really, most autos don't require firmware updates. Traditionally it's always been difficult to do these and manufacturers just don't update that often. They'd rather you buy a new car, and sending you to the dealer only helps in this. They really want you walking around the new car lot being hounded by sales people because a few folks might actually *buy* that new car.
What's "having authority" got to do with it... He's got his pen and he's not afraid to use it. Constitution or no...
This business will get out of control. It will get out of control and we'll be lucky to live through it.
Originally patents were for 13 years with one renewal by the original Person that applies and copyright was for 17 years with one renewal by the original Person that applies.
Go back to that and all the problems disappear.
Along with most of the patents in the world... But that's your point right?
It's a bureaucratic problem. What are you suggesting, a military solution?
Naw... How about un-red taping the red tape?
Yea, that's the ticket, we never have had a signature authority compromised or somebody break in someplace and disclose private keys...
Call me a fan boy but iOS is a much better world to work and play in
Where I cannot argue, I must point out that iOS pretty much locks you into a single vendor. You have to buy your development equipment AND your devices from ONE vendor. Further, if that vendor decides your app doesn't meet with their approval? You are OUT of business.
But if you like iOS, then power to you. If the vendor likes your app, that's great too. Just don't come crying to me when iOS 9 breaks everything or the vendor decides to make your life harder and more expensive.
This is a Lexus, I mean Toyota, I mean Lexus... If you can afford one of those, who's going to complain about an $800 GPS upgrade?
Seriously, look into what he *PAID* for the GPS option on the sticker price. You think the $800 update is soaking you. The GPS option on my last car 5 years ago was $3k and DIDN'T come with updates. The sad thing is that literally EVERYTHING but the GPS receiver already was in the car. The display, computer, the Controls, the antenna the wiring where ALL there. They wanted 3K to load the software and install a GPS receiver? No way.
For that kind of money, you can buy a consumer GPS unit with voice commands and lifetime maps and have enough money to buy a new one every year for the expected life of the car.
Unless you just have money to burn, don't bother with the built in GPS thingy in a new car. Now, if you have the money, power to you.
Go further.. It goes back to the dealers, though the GM, though the manager, to the salesman who's job it is to milk the customer out of as much hard earned cash as he can. Then to the finance guy who gets the next bite of the apple. Finally it ends up at the service manager who conspires to take as much of your cash for "maintenance" as can be managed. Do you *know* what a dealer gets to change the oil? Heaven forbid he actually has to replace a part at your expense.
I'm very glad the project is going forward. But, 10 years?! I have to think the turnaround time could be improved with a little effort, imagination, and courage.
You must be a project manager who doesn't work on government projects. Come on, this is the EU we are talking about. It's going to take them at least half that time to be on holiday.
You forgot the following:
Tech Support: Can you please supply your VIN so I can cross check your support level...
Customer: Oh yes, let me read that off the door it's...... (customer reads and confirms the VIN)
Tech Support: Thank you for your VIN, I will verify your support level now..
Customer: Uh, Ok, but my car is broken and I got to get it fixed before the day care closes... How long will this take.
Tech Support: It shouldn't take too long, but our computers have been rather slow today.
Tech Support: Well, sir, That VIN is valid and I see you didn't purchase the extended manufacturer's warranty option.
Customer: Well, yes, that's right, the salesman said it was a reliable car and I figured I didn't need it. So can you help me?
Tech Support: We offer support on the Web for our customers who are out of warranty, OR if you wish, we can extend your warranty now for a small fee.
Customer: How much?
Tech Support: The 10 year 100K mile option is only $3,000, we take all major credit cards.
Customer: HOW MUCH?
Tech Support: $3,000, we also offer a payment plan option...
Customer: I'll bet you do, any other options because I DON'T have $3,000 and because I'm still paying for the car, I have no extra money for monthly service. I guess I'm going to have to see what's on the web...
Tech Support: Well, we do offer a one call, all the support you can get for $200, but it's only good for one call.
Customer: Well, I need my car so I guess I'll have to go with that option. You say you take credit cards?
Tech Support: Any major credit card will do.... (They exchange credit card details and the customer is charged)
Customer: Great, so what can I do to get my car fixed...
Tech Support: Have you tried turning it off and on again?
Customer: Yes, I just did that again to be sure..
Tech Support: So no lights or anything on the dash?
Customer: Nothing.... (pause)
Tech Support: I'm going to have to escalate this call to 2nd level support. Hang on while I transfer the call.
Customer: OK....
(pause) (clicks) (pause) (dial tone)
You don't, or at least you will be better off going to the dealer.
Doing the firmware updates to your car yourself IS possible, but usually this involves buying the necessary tools and software from the manufacturer or a third party who has reverse engineered the tools. I can tell you that all these tools are pretty expensive and unless you are able to spread the cost out over a fleet of cars it's going to be cheaper to let the dealer do it.
For example, I was trying to get additional keys made for my Honda. With Honda (and most manufacturers) you have to have a programming tool you hook up to the car to register the keys. Dealers charge about $250 for three keys and programming. Only about $60 of that is for the keys. The rest is for the labor to hook up the tool and program the keys, which takes about 10 min. The tools to do this yourself, start at about $600 in this case and it is unlikely that you'd ever use it more than once. It's just cheaper to go to the dealer, as much as I hate paying Them $200 for 10 min work.
- Your phone only is intended to last about 2 years, manufactures don't support these devices beyond this time because you are expected to replace it. Cars are expected to have 5x that lifespan (if not more) and ARE supported.
- A malfunction in a critical system in a car can easily kill somebody and cause property damage, a malfunctioning phone just becomes a useless object (i.e. a brick) when the firmware update gets scrambled.
- Cars are "critical infrastructure" for most people, you need it to go to work, get to the store, pick up the kids at day care, phones are (even today) unnecessary in the short term.
\So the idea that the dealer is somehow safer, is purely insane.
Not really. Where I get there is an attack vector there, it is a whole lot more indirect than just messing with the car. Are suggesting that somebody might try an attack that involves hacking into the dealer's diagnostic equipment to replace the firmware files with hacked ones so that the dealer will propagate said hack onto customer's cars to do some bad thing to somebody? Seems that there are a whole lot more convenient ways to go about this to me, so Yes, I feel safer having the dealer update my car's firmware.
Your mileage may vary..
How about firmware updates that a user can just download off the manufacturer's website, save on a USB stick, and insert it into a USB port somewhere on the dash? A little less convenient than OTA, but with lesser risks, and still a whole lot more convenient than going to the dealer's service department.
No, I don't see *any* possible ways to hack that update path. Not one thing comes to mind.
Actually, manufacturers PAY dealers for warranty work. So the dealers make bucks for recalls. Maybe not as much as when they catch a live one that lets them do all the "routine service" stuff too, but they make money on recalls.
Which is NOT what the FCC wants from ISP's. There can be no "most favored packet" routes based on who is sending or receiving the packet. So Netflix packets get no special priority (positive or negative). ISP's won't be able to throttle, manage or shape data flowing in their networks. All they can do is route packets without respect for who they come from, where they are going or what they contain.
But they can treat different packets differently in the same way as the Post Office handles letter and parcels differently.
Based on what? The packet size, port numbers and IP addresses?
Isn't that the whole point here? That the FCC doesn't want ISP's to have the right to filter or load shape certain content that originates or is destine to specific providers and customers? If we let them filter on port and/or IP addresses, you don't have what the FCC is trying to do.