Er...no. How about just letting engineers figure these things out like we always have?
I took an ethics class as a required part of my CS degree, and this was pretty much the conclusion everyone came to after reading the sections about robot morality. The computer scientists have enough trouble understanding how an AI would work in reality, let alone some random philosopher whose only experience with robots and AI is what they've seen on TV.
Okay, so you're not next to the switch, you're on a bridge over the track. You still have no way to warn the people on the track. But there's a very fat man standing on the bridge next to you, and if you pushed him off to his death on the track below, it'd stop the trolley. Do you do it?
Most people say "no", and even most of those who say yes seem to struggle with it.
The reason people struggle with it is because the scenario doesn't make a ton of sense. Everyone has seen videos of trains smashing cars like the car isn't even there, it's hard to believe that a fat guy would be heavy enough to stop the train. What if I push him, the train hits him and then continues on to hit the people? And if the fat guy is heavy enough to stop the train, doesn't that mean he's going to be too fat for me to push? I'm a skinny guy, physics wouldn't be on my side here. What if I try to push him, fail, and then he turns around and wonders why the hell I was trying to push him into a train? And even if it works, people might think I pushed the guy because he was fat, rather than to save the people.
All of that compared to me flipping a switch to save 4 people at the cost of 1. If I flip the switch the outcome is pretty set.
It might be better to pose the fat guy variant of question as "there's some dynamite near the track and someone is sitting there eating their lunch on it, do you blow it up to stop the train, killing the fat guy in the process?"
Throwing money at the problem would work in the case of your school because it's not top heavy with administration. It wouldn't work work in other schools which are top heavy with administration. As such, if you're going to throw money at the problem, it would be best to do so on a case by case basis or not at all. Otherwise you're just encouraging top heavy administrators.
Do you consider this amount of money to be so completely unreasonable? To start the discussion, for sure we can agree that this amount is not infinite.
(Also, if you agree with HBI, why would you mod HBI up, and not reverse the mods of the AC?)
ok I'll bite. I won't call any parcitular sum reasonable or unreasonable (mostly because I'm not an analyist and every location is going to have different costs associated with it). That said, there are a lot of situations where school systems pay a very small amount (from memory, isn't utah like 6k per student?), but get significantly better results than places like california and new york that are in the 20k/student range.
Ancidotally, my experience with increased funding to any particular program just means there's increased waste. I was very involved with the computer science program at my commuinity college before transferring (we were trying to make it its own thing instead of tagging along behind the math department). We got a huge influx of funding from some program, but it basically just sat there while we tried to think of things to use it on. We had meetings about how to spend it (which got nowhere because there were all sorts of limitations as to what it could be spent on), we upgraded all the computers in the lab (which were promptly slowed down again after campus IT loaded them up with the required crapware and monitoring), we spent 10k on building a tiny supercomputing cluster (which was promptly unused because we didn't really have anything computationally intensive to run on it), and then we bought the computer club one of the new (at the time) nvidia tesla cards to do CUDA programming on (which never even got setup because campus policy wouldn't allow us in the same room as it without the professor present). Meanwhile, the CS professors continued todraw abnormally low salaries while the campus president voted herself raises (she was well into the high 200k range by the time enough people revolted and threw her out) and the rest of campus services (i.e. internet connectivity, which we relied on to allow students to ssh into the cluster) suffered horribly.
"are you suggesting you can't split your attention between traffic and your cars instrumentation? Maybe we need to reevaluate your ability to safely operate a vehicle"
Which is why you either say "yes, I know how fast I was going" or grin and invoke the 5th amendment.
.. well.. security usually adds complexity to point and click. That's just the way it is.
Yes... to a degree. The issue is that a lot of times the "experts" take it way too far to the point the system slows to an unusable crawl or needlessly hampers the user. To continue with your car analogy, it would be the equivalent of telling *everyone* that they need a car with a standard key lock, an electronic lock, and a password that must be entered before starting the engine (that requires an internet connection to authenticate and will disable the car after 2 incorrect entries). Eventually you cause the user to either get rid of the car and go back to no locks, or rent/borrow a different one in order to do their driving if you force them to keep it. In fact, if I were to be cynical about it, why not just disable their car entirely so that it can't be stolen? They'll have to circumvent policy to actually drive anywhere, but if data gets stolen it's their fault for circumventing policy right? It's absolutely not the fault of the "expert" who gave them an unusable car.
Assuming that we both agree some security is better than no security, and a usable car is preferred, it would be better to recommend that they stop 99% of successful thefts by locking their doors and exercising some common sense about where they leave the car, rather than proposing extreme measures for thwarting 100% of all attempts to steal it.
A lot of the reason people don't listen is that security professionals have done a great job of teaching everyone that increased security is synonymous with a slow, inconvenient, and unusable system. Sort of like that XKCD about password complexity points out.
Would it actually be stuck as unbootable though? I'd expect if the switch was disallowing write access all that would happen is the flash would do nothing and the system would boot back up with the old version.
Or just ship everything in boxes with tamper evident seals, then instruct the end user on inspection of said seals while informing them that anything with a broken seal will be replaced?
We just need to make them more power efficient, so we can stack them up in 3D configurations without overheating.
iirc there was a push to develop a human brain equivalent using specially designed chips (I remember seeing some slashdot stories on it last year). It still took a very large and expensive computing center to run. No matter how you slice it, this stuff isn't going to get down to cheap desktop machines like you seem to think.
The media may exaggerate the current state of machine intelligence, and human level AI is probably at least a few decades away, but there is no rational reason to believe that it won't eventually happen.
We're running out of low hanging fruit for advances in speed (and going to hit hard physics limits soon after that), and things like quantum computers are only good for a small subset of tasks. If it does eventually happen, it's going to take some pretty massive computing clusters to do it. And then who's going to pay billions of dollars in invetments and millions of dollars in yearly maintenance for a single human-equivilant mind?
In reality (and assuming all of this breathless hyperbole about what AI actually is doesn't set it back another 20 years), what I'd expect to see is machine learning become more common everyday consumer areas. Things such as a system where you put a microphone under a cars hood and feed it to a computing cluster, then 10 minutes later it spits out a list of things likely wrong with the engine for the techs to look into.
I've never run out, but I've come quite close a few times.
One particular time I was driving through the desert, passed a town on a low (was reading about a quarter) tank. I realized about 30 miles later that the next place I could stop for gas was still 60 miles ahead. I put 13.8 gallons into a manufacturer claimed 12.6 gallon tank at the next stop, so I'm sure I was close to empty.
I had another one where I left the house on a quarter tank with ~100 mile drive up to a friends house planned. That should have been enough to easily make it to the convenient station just down the street from him, but I hadn't realized how much more mileage making a detour to pick someone up on the way added. Noticed the needle buried in the red about 3/4ths of the way there, took the next exit, filled up, and was back on the freeway again within 5 minutes.
Then there are the countless other times I've driven to work (yay 60 mile commute), then stopped for gas before leaving for home since I knew I'd be risking it to try to make it back on that low of a tank.
It does not consume any power other than keeping the computer alive and the airconditioner/heater.
And the heater is a problem when idling in traffic in the snow. If you run the battery down maintaining a comfortable temperature, it's not like AAA can bring you a little can of electricity to make it to the next charging station where you can fill up and be on your way in a few minutes.
Not only are gas stations more prevalent, but there are also a huge number of other options available if you run a gas powered car out of gas ranging from a passerby letting you siphon some out of their tank to someone driving a can over to you to worst case of having to hike a few miles to the nearest gas station. Run a battery powered car out of battery and your only option is to be towed.
It isn't like I can just pull up at a stranger's house and run an electric cord over.
And the gasoline equivalent would be to walk up and ask for a little can of gas. Which is easily carried by a single person and can get you another 50 miles no problem.
If they can get in past a locked door, they can get into the glovebox. I'm not such a special snowflake that anyone is trying either of these.
Yes but it's one more layer to defeat. It might also keep the casual maliciousness out (say the neighbors kid just read about this cool thing you could do the hack a car). Either way, it's a really simple step with no downsides.
An interface between the OBDII and the bus might slow some of this but it may also screw with diagnostics, it's an interesting idea but it will also increase cost in an industry that tries to shave pennies off of a production run:(
It would be an extra device, just like a hardware firewall. My $30 desktop switch has enough brains to let me configure it to block some basic stuff (like MAC flooding) plus act as a switch. I'm sure it cost a 10th of that before all the retail markups. The cost argument is why I'm fine with the lawsuit. That will give the people who want to design with an eye for security a cost savings argument ($300 worth of chips is potentially cheaper than a massive lawsuit).
As for controllability - I can make thermite at home if I want and I can use the same BT interface you're slapping into an OBDII port for a controller to light the stuff.
Flammables are easy to make. Detonators that are consistent and reliable are hard. I'd be surprised if you could come up with a design that's less work than ordering a $20 device (one that no one would even think twice about you buying, unlike say, thinly shaved magnesium strips) and downloading a program.
Bottom line - why are we so much more worried about this when the capability to do all sorts of wicked things exists already right now at the local hardware store? Why does cyber make it more scary?
Again, because of the controllability and the way it lends itself to casual use. Also, this is exactly the kind of argument people made against securing computers in the 90s, and we're just now getting away from those consequences today. Why not spend a tiny bit of extra effort designing this stuff with a least rudimentary security in mind?
The control systems ARE isolated with firewalls, the hacks that have been demonstrated - to my knowledge - have removed those.
That's news to me then. My impression from watching a video a while back of how these worked was that they were simply using the OBDII port to send false signals and/or flooding the bus with so much traffic that the signals couldn't get through. I could have sworn they specifically said that the dash was only apart because they'd been monitoring signals while developing the hacks and couldn't be bothered to put it back together again.
What exactly does "hardening the OBDII port" mean?
Throw an interface in between it and the rest of the car that will do the following:
- Disallow any communication that wouldn't be expected to come from that port. e.g. I would not expect the ABS sensors to talk to the brakes via the OBDII port
- Limit the number of messages sent into the port if it exceeds some threshold (assuming that the attacks relied on spamming messages. But even if not, is there some reason you'd have to flood the bus with messages?)
- Possibly put it somewhere where casual physical access isn't as easy, e.g. inside the glovebox that locks when the doors are also locked.
- Add an indicator to the dash lights to say when something is plugged in and/or diagnostics are being run.
Note that this doesn't do any of the following:
- Hinder your ability to use diagnostic tools to read the values reported by the ECU
- Hinder your ability to access the port
- Cause additional processing on the part of systems other than the firewall between the port and the rest of the network
5mins with a hacksaw blade and I can make sure you lose your brakes or steering, maybe catch the car on fire. Why aren't we armor guarding any of those hoses exactly? Why does "cyber" automatically mean it's a higher threat?
Because as I said before, if you use a hacksaw you have no control over when or where the accident happens. It becomes a higher threat electronically because of controllability, variety, and ease of use.
Hell, you keep mentioning hacking and modifying your own car... do you drive with a bluetooth OBDII interface plugged in so you can log data on your phone? (I did for a while when trying to troubleshoot an airflow issue) Would you still do so knowing that someone could leave a transmitter somewhere near the road just waiting for someone like you to drive by so it could send your car off into a tree for the lulz?
Store each disc and each player in an air-tight compartments so one will not contaminate others.
That's basically what I meant by "vacuum seal". Something like those space bags where you remove most of the air to compress blankets or whatever but aren't necessarily creating an industrial vacuum of just a few torr.
If you don't think they'll go to very much trouble - then you should provide them with the means to replay the data as well as the data itself. There are plenty of small video players (like a cheap digital camera or an MP3 player with video capability) - so long as you pack them appropriately and protect them from crazy temperature variations, they should last a long time in storage and still work at the end. Provide written instructions on what power requirements the machine has - and what buttons to push to access the content.
This is what I was going to suggest. Portable DVD player with a few different DVDs of different brands (in case one uses some kind of corrosive label or something) and vacuum seal it all with some moisture absorbing packs. Take the battery out of the thing and make sure there are some instructions about what kind of input power it needs.
And if I want to cause you to have an accident in your pre-ECU car I can cause substantial damage with some wrenches and a minute.
But what you can't do is cause the tie rod you cut to fail at exactly the point where I'm a hairpin turn along a cliffside road. Or the brakes to fail, steering to quit working, and airbags prematurely detonate as I try to come to a stop from 70mph with a semi truck in front of me. I guess you could put some remote detonated explosive or something on a brake line, airbag sensor, and steering linkages, but how long will it stay there while exposed to road and weather conditions? A disguised bluetooth adapter would have a good chance of sitting there for the life of the car.
I want to maintain the ability to hack/modify my own vehicles.
I do too. I don't think that encryption is necessarily the way to go, but at least some basic stuff like isolating the control systems from the entertainment systems, and hardening the OBDII port against casual exploitation (limit the message rate, inspect for certain kinds of malicious packets, etc.) shouldn't be too hard to do.
Give me a Bluetooth OBDII adapter and I'll show you wireless exploitation. I bet one could be made slim enough that no one would ever notice it plugged in. 5 seconds alone with someones car when they leave the door unlocked (or hell, if an attacker has the knowledge required to send malicious commands to the ECU I bet they have the knowledge to defeat a locked car door. It's not like they need to start the car and drive away).
So what's the best way to foster a welcoming environment while still being able to remove the destructive elements?
Benevolent Dictatorship.
Make it clear from the start to everyone on the project that while you're going to remain hands off as much as possible and let everyone do their thing, you're still the ultimate authority and you won't hesitate to step in and start cracking heads if people start causing drama and/or forget how to be adults and let their disagreements get out of hand.
Slashdot Mirror
Er...no. How about just letting engineers figure these things out like we always have?
I took an ethics class as a required part of my CS degree, and this was pretty much the conclusion everyone came to after reading the sections about robot morality. The computer scientists have enough trouble understanding how an AI would work in reality, let alone some random philosopher whose only experience with robots and AI is what they've seen on TV.
Okay, so you're not next to the switch, you're on a bridge over the track. You still have no way to warn the people on the track. But there's a very fat man standing on the bridge next to you, and if you pushed him off to his death on the track below, it'd stop the trolley. Do you do it?
Most people say "no", and even most of those who say yes seem to struggle with it.
The reason people struggle with it is because the scenario doesn't make a ton of sense. Everyone has seen videos of trains smashing cars like the car isn't even there, it's hard to believe that a fat guy would be heavy enough to stop the train. What if I push him, the train hits him and then continues on to hit the people? And if the fat guy is heavy enough to stop the train, doesn't that mean he's going to be too fat for me to push? I'm a skinny guy, physics wouldn't be on my side here. What if I try to push him, fail, and then he turns around and wonders why the hell I was trying to push him into a train? And even if it works, people might think I pushed the guy because he was fat, rather than to save the people.
All of that compared to me flipping a switch to save 4 people at the cost of 1. If I flip the switch the outcome is pretty set.
It might be better to pose the fat guy variant of question as "there's some dynamite near the track and someone is sitting there eating their lunch on it, do you blow it up to stop the train, killing the fat guy in the process?"
Throwing money at the problem would work in the case of your school because it's not top heavy with administration. It wouldn't work work in other schools which are top heavy with administration. As such, if you're going to throw money at the problem, it would be best to do so on a case by case basis or not at all. Otherwise you're just encouraging top heavy administrators.
Right. So the school system in your area isn't dystopian and therefore does ok for itself. It kind of supports the guys point.
So as far as my town is concerned your dystopian scenario is pure fantasy.
But does the school system there work well?
Do you consider this amount of money to be so completely unreasonable? To start the discussion, for sure we can agree that this amount is not infinite.
(Also, if you agree with HBI, why would you mod HBI up, and not reverse the mods of the AC?)
ok I'll bite. I won't call any parcitular sum reasonable or unreasonable (mostly because I'm not an analyist and every location is going to have different costs associated with it). That said, there are a lot of situations where school systems pay a very small amount (from memory, isn't utah like 6k per student?), but get significantly better results than places like california and new york that are in the 20k/student range.
Ancidotally, my experience with increased funding to any particular program just means there's increased waste. I was very involved with the computer science program at my commuinity college before transferring (we were trying to make it its own thing instead of tagging along behind the math department). We got a huge influx of funding from some program, but it basically just sat there while we tried to think of things to use it on. We had meetings about how to spend it (which got nowhere because there were all sorts of limitations as to what it could be spent on), we upgraded all the computers in the lab (which were promptly slowed down again after campus IT loaded them up with the required crapware and monitoring), we spent 10k on building a tiny supercomputing cluster (which was promptly unused because we didn't really have anything computationally intensive to run on it), and then we bought the computer club one of the new (at the time) nvidia tesla cards to do CUDA programming on (which never even got setup because campus policy wouldn't allow us in the same room as it without the professor present). Meanwhile, the CS professors continued todraw abnormally low salaries while the campus president voted herself raises (she was well into the high 200k range by the time enough people revolted and threw her out) and the rest of campus services (i.e. internet connectivity, which we relied on to allow students to ssh into the cluster) suffered horribly.
"are you suggesting you can't split your attention between traffic and your cars instrumentation? Maybe we need to reevaluate your ability to safely operate a vehicle"
Which is why you either say "yes, I know how fast I was going" or grin and invoke the 5th amendment.
.. well .. security usually adds complexity to point and click. That's just the way it is.
Yes... to a degree. The issue is that a lot of times the "experts" take it way too far to the point the system slows to an unusable crawl or needlessly hampers the user. To continue with your car analogy, it would be the equivalent of telling *everyone* that they need a car with a standard key lock, an electronic lock, and a password that must be entered before starting the engine (that requires an internet connection to authenticate and will disable the car after 2 incorrect entries). Eventually you cause the user to either get rid of the car and go back to no locks, or rent/borrow a different one in order to do their driving if you force them to keep it. In fact, if I were to be cynical about it, why not just disable their car entirely so that it can't be stolen? They'll have to circumvent policy to actually drive anywhere, but if data gets stolen it's their fault for circumventing policy right? It's absolutely not the fault of the "expert" who gave them an unusable car.
Assuming that we both agree some security is better than no security, and a usable car is preferred, it would be better to recommend that they stop 99% of successful thefts by locking their doors and exercising some common sense about where they leave the car, rather than proposing extreme measures for thwarting 100% of all attempts to steal it.
A lot of the reason people don't listen is that security professionals have done a great job of teaching everyone that increased security is synonymous with a slow, inconvenient, and unusable system. Sort of like that XKCD about password complexity points out.
Would it actually be stuck as unbootable though? I'd expect if the switch was disallowing write access all that would happen is the flash would do nothing and the system would boot back up with the old version.
Or just ship everything in boxes with tamper evident seals, then instruct the end user on inspection of said seals while informing them that anything with a broken seal will be replaced?
So Apple lawlsuit in 3... 2... 1...
We just need to make them more power efficient, so we can stack them up in 3D configurations without overheating.
iirc there was a push to develop a human brain equivalent using specially designed chips (I remember seeing some slashdot stories on it last year). It still took a very large and expensive computing center to run. No matter how you slice it, this stuff isn't going to get down to cheap desktop machines like you seem to think.
The media may exaggerate the current state of machine intelligence, and human level AI is probably at least a few decades away, but there is no rational reason to believe that it won't eventually happen.
We're running out of low hanging fruit for advances in speed (and going to hit hard physics limits soon after that), and things like quantum computers are only good for a small subset of tasks. If it does eventually happen, it's going to take some pretty massive computing clusters to do it. And then who's going to pay billions of dollars in invetments and millions of dollars in yearly maintenance for a single human-equivilant mind?
In reality (and assuming all of this breathless hyperbole about what AI actually is doesn't set it back another 20 years), what I'd expect to see is machine learning become more common everyday consumer areas. Things such as a system where you put a microphone under a cars hood and feed it to a computing cluster, then 10 minutes later it spits out a list of things likely wrong with the engine for the techs to look into.
I've never run out, but I've come quite close a few times.
One particular time I was driving through the desert, passed a town on a low (was reading about a quarter) tank. I realized about 30 miles later that the next place I could stop for gas was still 60 miles ahead. I put 13.8 gallons into a manufacturer claimed 12.6 gallon tank at the next stop, so I'm sure I was close to empty.
I had another one where I left the house on a quarter tank with ~100 mile drive up to a friends house planned. That should have been enough to easily make it to the convenient station just down the street from him, but I hadn't realized how much more mileage making a detour to pick someone up on the way added. Noticed the needle buried in the red about 3/4ths of the way there, took the next exit, filled up, and was back on the freeway again within 5 minutes.
Then there are the countless other times I've driven to work (yay 60 mile commute), then stopped for gas before leaving for home since I knew I'd be risking it to try to make it back on that low of a tank.
It does not consume any power other than keeping the computer alive and the airconditioner/heater.
And the heater is a problem when idling in traffic in the snow. If you run the battery down maintaining a comfortable temperature, it's not like AAA can bring you a little can of electricity to make it to the next charging station where you can fill up and be on your way in a few minutes.
Not only are gas stations more prevalent, but there are also a huge number of other options available if you run a gas powered car out of gas ranging from a passerby letting you siphon some out of their tank to someone driving a can over to you to worst case of having to hike a few miles to the nearest gas station. Run a battery powered car out of battery and your only option is to be towed.
It isn't like I can just pull up at a stranger's house and run an electric cord over.
And the gasoline equivalent would be to walk up and ask for a little can of gas. Which is easily carried by a single person and can get you another 50 miles no problem.
If they can get in past a locked door, they can get into the glovebox. I'm not such a special snowflake that anyone is trying either of these.
Yes but it's one more layer to defeat. It might also keep the casual maliciousness out (say the neighbors kid just read about this cool thing you could do the hack a car). Either way, it's a really simple step with no downsides.
An interface between the OBDII and the bus might slow some of this but it may also screw with diagnostics, it's an interesting idea but it will also increase cost in an industry that tries to shave pennies off of a production run :(
It would be an extra device, just like a hardware firewall. My $30 desktop switch has enough brains to let me configure it to block some basic stuff (like MAC flooding) plus act as a switch. I'm sure it cost a 10th of that before all the retail markups. The cost argument is why I'm fine with the lawsuit. That will give the people who want to design with an eye for security a cost savings argument ($300 worth of chips is potentially cheaper than a massive lawsuit).
As for controllability - I can make thermite at home if I want and I can use the same BT interface you're slapping into an OBDII port for a controller to light the stuff.
Flammables are easy to make. Detonators that are consistent and reliable are hard. I'd be surprised if you could come up with a design that's less work than ordering a $20 device (one that no one would even think twice about you buying, unlike say, thinly shaved magnesium strips) and downloading a program.
Bottom line - why are we so much more worried about this when the capability to do all sorts of wicked things exists already right now at the local hardware store? Why does cyber make it more scary?
Again, because of the controllability and the way it lends itself to casual use. Also, this is exactly the kind of argument people made against securing computers in the 90s, and we're just now getting away from those consequences today. Why not spend a tiny bit of extra effort designing this stuff with a least rudimentary security in mind?
So if your dictator decides he wants to be a DICKtator, your project is in big trouble.
That's the point when you take the source code (that's the whole point of open source right?) and make a new project not managed by an idiot.
The control systems ARE isolated with firewalls, the hacks that have been demonstrated - to my knowledge - have removed those.
That's news to me then. My impression from watching a video a while back of how these worked was that they were simply using the OBDII port to send false signals and/or flooding the bus with so much traffic that the signals couldn't get through. I could have sworn they specifically said that the dash was only apart because they'd been monitoring signals while developing the hacks and couldn't be bothered to put it back together again.
What exactly does "hardening the OBDII port" mean?
Throw an interface in between it and the rest of the car that will do the following:
- Disallow any communication that wouldn't be expected to come from that port. e.g. I would not expect the ABS sensors to talk to the brakes via the OBDII port
- Limit the number of messages sent into the port if it exceeds some threshold (assuming that the attacks relied on spamming messages. But even if not, is there some reason you'd have to flood the bus with messages?)
- Possibly put it somewhere where casual physical access isn't as easy, e.g. inside the glovebox that locks when the doors are also locked.
- Add an indicator to the dash lights to say when something is plugged in and/or diagnostics are being run.
Note that this doesn't do any of the following:
- Hinder your ability to use diagnostic tools to read the values reported by the ECU
- Hinder your ability to access the port
- Cause additional processing on the part of systems other than the firewall between the port and the rest of the network
5mins with a hacksaw blade and I can make sure you lose your brakes or steering, maybe catch the car on fire. Why aren't we armor guarding any of those hoses exactly? Why does "cyber" automatically mean it's a higher threat?
Because as I said before, if you use a hacksaw you have no control over when or where the accident happens. It becomes a higher threat electronically because of controllability, variety, and ease of use.
Hell, you keep mentioning hacking and modifying your own car... do you drive with a bluetooth OBDII interface plugged in so you can log data on your phone? (I did for a while when trying to troubleshoot an airflow issue) Would you still do so knowing that someone could leave a transmitter somewhere near the road just waiting for someone like you to drive by so it could send your car off into a tree for the lulz?
Store each disc and each player in an air-tight compartments so one will not contaminate others.
That's basically what I meant by "vacuum seal". Something like those space bags where you remove most of the air to compress blankets or whatever but aren't necessarily creating an industrial vacuum of just a few torr.
If you don't think they'll go to very much trouble - then you should provide them with the means to replay the data as well as the data itself. There are plenty of small video players (like a cheap digital camera or an MP3 player with video capability) - so long as you pack them appropriately and protect them from crazy temperature variations, they should last a long time in storage and still work at the end. Provide written instructions on what power requirements the machine has - and what buttons to push to access the content.
This is what I was going to suggest. Portable DVD player with a few different DVDs of different brands (in case one uses some kind of corrosive label or something) and vacuum seal it all with some moisture absorbing packs. Take the battery out of the thing and make sure there are some instructions about what kind of input power it needs.
And if I want to cause you to have an accident in your pre-ECU car I can cause substantial damage with some wrenches and a minute.
But what you can't do is cause the tie rod you cut to fail at exactly the point where I'm a hairpin turn along a cliffside road. Or the brakes to fail, steering to quit working, and airbags prematurely detonate as I try to come to a stop from 70mph with a semi truck in front of me. I guess you could put some remote detonated explosive or something on a brake line, airbag sensor, and steering linkages, but how long will it stay there while exposed to road and weather conditions? A disguised bluetooth adapter would have a good chance of sitting there for the life of the car.
I want to maintain the ability to hack/modify my own vehicles.
I do too. I don't think that encryption is necessarily the way to go, but at least some basic stuff like isolating the control systems from the entertainment systems, and hardening the OBDII port against casual exploitation (limit the message rate, inspect for certain kinds of malicious packets, etc.) shouldn't be too hard to do.
Give me a Bluetooth OBDII adapter and I'll show you wireless exploitation. I bet one could be made slim enough that no one would ever notice it plugged in. 5 seconds alone with someones car when they leave the door unlocked (or hell, if an attacker has the knowledge required to send malicious commands to the ECU I bet they have the knowledge to defeat a locked car door. It's not like they need to start the car and drive away).
So what's the best way to foster a welcoming environment while still being able to remove the destructive elements?
Benevolent Dictatorship.
Make it clear from the start to everyone on the project that while you're going to remain hands off as much as possible and let everyone do their thing, you're still the ultimate authority and you won't hesitate to step in and start cracking heads if people start causing drama and/or forget how to be adults and let their disagreements get out of hand.