Right, like I trust Google to be my router/firewall... no way in hell I'd let Google be the gatekeeper for the internet in my house.
Because you can bet your ass they're going to get a lot more visibility into everything you do, and use it for their own purpose.
And I'm sure it will be remotely accessibly when law enforcement demands it and introduce several new security holes as it tries to be so easy to use it fails utterly. Mark my words, this will cause a lot of new problems.
I don't trust Google to do that at all. I use their services from a browser, but letting them be directly in charge of my network? No bloody way in hell.
Their "do no evil" pledge means less with every passing year.
And this is why I think corporations need to have some liability for crap security.
None of this "we forgot", or "it's too hard", or "the CEO insisted on it this way"... no license which says "this software probably sucks, deal with it".
Until then, pretty much every product will be release with bad/non-existent security.
I've been a developer, and I understand deadlines and the like. But then we see instances where the company never fixes things.
Far too much of it really is companies just being lazy and indifferent to security.
Well, in my experience Security 101 is something most people either don't know, or don't bother with.
A tremendous amount of stuff comes out as "oooh, look... shiny", and then you quickly discover security was kind of slapped on at the end, or not done at all.
I've just started assuming that if someone says "hey, I have this thing which uses the network" that it's got security problems.
Honestly, some of my fondest memories of slit screen gaming was with my nephews when they were quite young.
Not everybody gives a damn about FPS games, framerate, or any of that crap.
You thinking that only crazy people wanted split screen means you've got a very limited worldview, and are basically clueless about anybody who isn't you.
Not everybody wants to have a LAN party.
Honestly, the sheer number of basement dwellers who can't fathom the rest of the world around them still astounds me.
Nobody is forcing you to use the mode. But saying there's nobody who might want it is just being a really smug fool.
And you're OK with the endless stream of analytics companies and other assholes monitoring every site you go to so they can monetize everything you do on the internet.
If the sites in question were serving their own ads, then maybe.
But the 15 or 20 (or sometimes 30 or 40) external websites which come along with those ads are just parasites whose business model is predicted on you being willing to let them know everything you do.
And I'm completely not willing to allow that.
Right now on Slashdot as I type this there's no less than 9 external sites who would be getting requests and running scripts if I wasn't actively blocking them. And Slashdot isn't even the worst site out there.
There's simply no way in hell I'm willing to let a bunch of corporations make money of tracking everything I do on the internet, run scripts, embed ads, deliver malware through shady partners, share that information with anybody they choose because they have an EULA... none of it.
It's about FAR more than ads staying in nice places on the screen.
In Chrome install something like HTTP Switchboard, and look at the sheer amount of crap embedded in every page. Flash is an open invitation for dozens of sites you aren't even visiting to allow dozens of their affiliates run arbitrary code on your machine.
Some freedoms are spelled out in the various constitutions of various countries.
And when secret laws and courts pretend those freedoms don't exist, or are optional, then you have a very serious problem.
And these secret laws are doing precisely that... no right to know how or why you're on a no-fly list, no redress, no due process other than "someone somewhere made an unsubstantiated allegation".
Nobody is talking about being completely free. What they're talking about is maintaining the freedoms enshrined in law which are being violated because a process of "because we said so" is in place.
Even in terms of mechanics, consoles are lousy for FPSs: controller vs. K+M; the mouse always wins.
You know, you damned hardcore PC gamers are mostly oblivious to the fact that the rest of the world can't dedicate their lives to a video game, and doesn't place a high value on being super awesome at a FPS in a darkened room.
Of course, the way all consoles are selling now, their target demographic is fast becoming married men who only get to play for an hour or two late at night after the spouse and kids have gone to bed.
Who have more far money than teenagers, and are therefore not a market to just pretend doesn't exist. And those people with kids also want to have games for them, and don't necessarily want them online.
Yes, the hardcore gamer snob is absolutely driving the high end of video games, even if everyone else thinks they're kind of annoying wankers about the whole "if it isn't a K+M it's not a real FPS".
But the married/middle aged gamer who plays now and then or wants a console for the kids to play on is a market segment which would be ignored at the peril of video game companies.
Because a lot of the people who started playing video games in the 80s fall into that category now. They still want to game, aren't going to splash out several grand on a gaming rig, and can only devote so much of their time to gaming.
Mars One is a crock, and nothing but wishful thinking. They have neither the technical know how nor the means to do anything they say.
I don't believe a single thing Mars One says, and even some past candidates have quit and said the selection process was as much about your ability to pay the entry fee as anything else.
In my opinion Mars One is either a really long con, or a serious amount of deluded people thinking they're going to space.
But it sure as hell isn't something anybody but them takes seriously.
So, I had though that at first. But, having seen a picture of the cover of the book, it says:
The water in your village may contain deadly viruses, but each page of this book is a paper filter that will make it safe to drink.
In English and in the local language. I believe the instructions are also on the page.
So, no, they hand made a book of water filters specifically for the purpose of being a book full of water filters.
This isn't a publicity stunt. This doesn't have anything to do with reading it. Or being a paperback
Or pretty much any damned thing you said. It's a lot more than that:
The Drinkable Book not only purifies drinking water, but also contains instructions in each page to educate people about safe water habits. According to researchers, it only costs pennies to produce and one filter can purify up to 100 liters of water.
It's something designed to save lives in some of the poorest parts of the world by providing a means of getting clean water.
Seriously, RTFA now and then. This is pretty much the opposite of a pointless publicity stunt.
Sure, but when you're talking about quantities like that, it crashes the market. Who can buy a quadrillion dollars' worth of anything?
Shhh... don't say that... or the copyright cartels will have to explain how they've lost more to piracy than the next 100 years of the economic output of planet Earth. Stock valuations will have to be reconsidered. Executive bonuses recalculated.
There are business models which rely heavily on made up projections of value.
Business models!! Don't go messing with business models.
You go around saying they're completely absurd and made up and they'll lock you up or something.
Maybe he's one of those wacky future looking people who is interested in getting scarce resources less scarce, and less in the hands of corporations worried about the cost per KWh for the consumer?
In which case it's not so much of a business plan, as a future direction for humans to solve our energy problems because the sun makes more than we could ever need.
And then the MBAs and CEOs will come in and fuck it up and try to figure out how maximize return on investment and shareholder value.
Well, in fairness... are you claiming to be the majority of readers on Slashdot? Because that would be pretty bold of you.
Certainly other people have heard of them. I've heard of them. At least one other poster seems to have heard of them. Google has heard of them. So one guy says he's never heard of them and they don't exist? How do I get that job?
To reiterate the rather crude point of the AC... we don't care what you had for lunch either. That you don't know who they are is, as a metric of their utility or influence, almost meaningless.
They exist independent of if you know of them or not.
Obviously it is designed to be remotely accessible. I got that.
The question is if that is exploitable. I would argue anything accessible is exploitable.
Whether or not GM built any security into it, who knows?
For me, if it has remote connectivity, the likelihood of having security holes goes up.
But having a car which has no remote connectivity of any form limits people more to physical access. But even cars without remote connectivity have keyless entry, and I'm pretty sure we've seen articles saying that can be exploited.
How you as a consumer know your car is safe from hacking? I'm not sure you can, short of having a car without features like OnStar -- for all the reasons you cite.
Me, I assume OnStar already is, or is likely to, vulnerable to remote hacking precisely because it has its own communications technology on board.
And, I'm sure in no way similar to all of these new consumer electronics which want to connect to the intertubes.. none of which would use default passwords, store unencrypted data, send passwords in plaintext over a network... hmmmm, wait a minute.
My current rule is: is it a piece of consumer electronics? If it is, it probably has gaping security holes in it.
If it's designed to connect to a network, be remotely accessed, and installed by non-technical people, recent history says it's probably not secure.
Your choices are to live in blissful ignorance and pretend nothing will happen, live in the hope that it won't happen to you even if it's theoretically possible, or don't use it at all.
I'm not really sure you can take steps to know any of those things are actually secure without some pretty specialized knowledge. And even then I'm not sure.
Bah, the amateurs stand outside with the slim-Jim.
The pros just show up with a flatbed tow truck, and nobody pays them any attention.
Given enough security exploits, it'll be a cheap device running on a Raspberry Pi which you can download from the internet and know you can get any car which is vulnerable.
And somehow I don't think it will be so long before there's some cars on the road which can get jacked in a short time by someone with the right bit of gear. Because we've all seen how epic security exploits can become if the vendor is lazy enough.
Especially when you can use the DMCA to force people to not tell anybody about it.
The other way is if this stuff becomes easy enough to become a cheap device or an app for your smart phone... then the bad guy presses a button which says "all cars which are ready to be hacked please honk your horn".
Just like script kiddies and other scams, if it's lucrative enough, and easy enough, it'll happen. You don't have to be a high value target. If someone knows they can pop the locks on every Escalade in the parking lot, they're going to do it. And someone might just say "oh, fuck it, let's make all the Corvettes disable their brakes because it will be funny".
If the last decade or so has taught us anything, it's that if it can be hacked, it will be... and if it's worth doing, it will be done.
Pretending like the security risks aren't real because you're a low value target ignores the fact that if there's money to be made. The more automated it can be made, the more it will happen.
As to the OP's question -- there is no standards body, everything is closed/proprietary, and the corporations aren't going to say up front "yeah, the following cars are totally hackable". They're going to hide this as much as possible.
I'm just not sure short of following every news story for every company and hoping and guessing you've got a hope in hell of finding this in a way that will be useful.
Right now, cars are pretty much like every other consumer device.. the companies want to make them all shiny and digital, but they don't know (or don't care) how to make them secure. Which means they don't have a culture of security, accumulated best practices, or anybody telling them the minimum they're allowed to do.
If you're that worried about getting hacked, buy a car which is a few years old and doesn't have as much electronics in it.
Beyond that... I'm not sure how you are going to know what's hackable.
Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.
And at a certain point you have to realize the people in these jobs are humans, need to stop and catch their breath, think for a bit, stretch, pee, and interact with their colleagues.
Any corporation trying to achieve 100% engagement all day every day has no concept of the kinds of tasks their employees do and will only make productivity worse by trying to do it.
My general belief is the more a company uses metrics the worse it is to work for.
Well, I guess that depends... if they get a tax break for this write down, then it's not just a write down.
If they do get a tax break, then expect a slew of corporations to start meddling in education, failing, and then taking their tax break and leaving.
If corporations are risking their own money, great. If they're just passing the buck back to the taxpayers, all they're really doing is diverting money for their own purposes.
Because in the real world, if you can't have air superiority, you can't occupy the area... and despite theorists who say you'll never need to dogfight because it's old fashioned, you might find in the real world the people you're up against don't play by your doctrine.
If your enemy doesn't give a damn that you think dogfighting is too old fashioned, you will get your ass kicked.
So, much like "shock and awe" didn't work as played out in boardrooms, there is a real chance that in an actual conflict with Russia, or China, or people who have bought hardware from them... that in a real shooting war you get your ass handed to you.
And when you realize you lose the dogfights you got told would never happen again, you no longer have the right tools for the job.
Reality has a pesky way of not playing out like the theorists say.
So, like in Syria you can't simply drop bombs and control the situation on the ground, lack of the ability to win a dogfight has a good chance of leaving gaping holes in your plan.
Just like the Brits got all out of sorts that the Americans didn't like up in brightly colored tunics to be easily shot, the people you're fighting against don't always give a damn about your plan and sense of the rules.
And don't pretend getting into a shooting war with Russia or China is impossible. Look around you. Suddenly the cold war isn't quite so over.
Good luck with that. It's illegal when you or I do it.
But due to the magic of EULAs, and corporations buying the laws they want from the politicians... there's no way in hell Microsoft will be pursued by the DOJ.
The system is corrupt and stacked in favor of the corporations. And they can do any damned thing they want to.
Translation: stop pretending there are actual 'rules' of English, instead of guidelines, guesses, exceptions, and people making shit up as they go which often runs contrary to several other things.
English isn't Greek, and it isn't Latin.
The 'correct' way to do something English is seldom anything more than convention.
Slashdot Mirror
Ahhh ... Pinky
How does Google have your entire browsing history?
They know what you search for, and they know what sites you visit if you're stupid enough to let things like google-analytics not be blocked.
With this device they will, but right now Google sure as hell doesn't know your entire browsing history. The internet doesn't work that way.
Right, like I trust Google to be my router/firewall ... no way in hell I'd let Google be the gatekeeper for the internet in my house.
Because you can bet your ass they're going to get a lot more visibility into everything you do, and use it for their own purpose.
And I'm sure it will be remotely accessibly when law enforcement demands it and introduce several new security holes as it tries to be so easy to use it fails utterly. Mark my words, this will cause a lot of new problems.
I don't trust Google to do that at all. I use their services from a browser, but letting them be directly in charge of my network? No bloody way in hell.
Their "do no evil" pledge means less with every passing year.
And this is why I think corporations need to have some liability for crap security.
None of this "we forgot", or "it's too hard", or "the CEO insisted on it this way" ... no license which says "this software probably sucks, deal with it".
Until then, pretty much every product will be release with bad/non-existent security.
I've been a developer, and I understand deadlines and the like. But then we see instances where the company never fixes things.
Far too much of it really is companies just being lazy and indifferent to security.
Well, in my experience Security 101 is something most people either don't know, or don't bother with.
A tremendous amount of stuff comes out as "oooh, look ... shiny", and then you quickly discover security was kind of slapped on at the end, or not done at all.
I've just started assuming that if someone says "hey, I have this thing which uses the network" that it's got security problems.
Sadly, I keep getting proven right.
Honestly, some of my fondest memories of slit screen gaming was with my nephews when they were quite young.
Not everybody gives a damn about FPS games, framerate, or any of that crap.
You thinking that only crazy people wanted split screen means you've got a very limited worldview, and are basically clueless about anybody who isn't you.
Not everybody wants to have a LAN party.
Honestly, the sheer number of basement dwellers who can't fathom the rest of the world around them still astounds me.
Nobody is forcing you to use the mode. But saying there's nobody who might want it is just being a really smug fool.
And you're OK with the endless stream of analytics companies and other assholes monitoring every site you go to so they can monetize everything you do on the internet.
If the sites in question were serving their own ads, then maybe.
But the 15 or 20 (or sometimes 30 or 40) external websites which come along with those ads are just parasites whose business model is predicted on you being willing to let them know everything you do.
And I'm completely not willing to allow that.
Right now on Slashdot as I type this there's no less than 9 external sites who would be getting requests and running scripts if I wasn't actively blocking them. And Slashdot isn't even the worst site out there.
There's simply no way in hell I'm willing to let a bunch of corporations make money of tracking everything I do on the internet, run scripts, embed ads, deliver malware through shady partners, share that information with anybody they choose because they have an EULA ... none of it.
It's about FAR more than ads staying in nice places on the screen.
In Chrome install something like HTTP Switchboard, and look at the sheer amount of crap embedded in every page. Flash is an open invitation for dozens of sites you aren't even visiting to allow dozens of their affiliates run arbitrary code on your machine.
Some freedoms are spelled out in the various constitutions of various countries.
And when secret laws and courts pretend those freedoms don't exist, or are optional, then you have a very serious problem.
And these secret laws are doing precisely that ... no right to know how or why you're on a no-fly list, no redress, no due process other than "someone somewhere made an unsubstantiated allegation".
Nobody is talking about being completely free. What they're talking about is maintaining the freedoms enshrined in law which are being violated because a process of "because we said so" is in place.
You know, you damned hardcore PC gamers are mostly oblivious to the fact that the rest of the world can't dedicate their lives to a video game, and doesn't place a high value on being super awesome at a FPS in a darkened room.
Who have more far money than teenagers, and are therefore not a market to just pretend doesn't exist. And those people with kids also want to have games for them, and don't necessarily want them online.
Yes, the hardcore gamer snob is absolutely driving the high end of video games, even if everyone else thinks they're kind of annoying wankers about the whole "if it isn't a K+M it's not a real FPS".
But the married/middle aged gamer who plays now and then or wants a console for the kids to play on is a market segment which would be ignored at the peril of video game companies.
Because a lot of the people who started playing video games in the 80s fall into that category now. They still want to game, aren't going to splash out several grand on a gaming rig, and can only devote so much of their time to gaming.
How about maintaining CEO salary?
Mars One is a crock, and nothing but wishful thinking. They have neither the technical know how nor the means to do anything they say.
I don't believe a single thing Mars One says, and even some past candidates have quit and said the selection process was as much about your ability to pay the entry fee as anything else.
In my opinion Mars One is either a really long con, or a serious amount of deluded people thinking they're going to space.
But it sure as hell isn't something anybody but them takes seriously.
So, I had though that at first. But, having seen a picture of the cover of the book, it says:
In English and in the local language. I believe the instructions are also on the page.
So, no, they hand made a book of water filters specifically for the purpose of being a book full of water filters.
This isn't a publicity stunt. This doesn't have anything to do with reading it. Or being a paperback
Or pretty much any damned thing you said. It's a lot more than that:
It's something designed to save lives in some of the poorest parts of the world by providing a means of getting clean water.
Seriously, RTFA now and then. This is pretty much the opposite of a pointless publicity stunt.
Shhh ... don't say that ... or the copyright cartels will have to explain how they've lost more to piracy than the next 100 years of the economic output of planet Earth. Stock valuations will have to be reconsidered. Executive bonuses recalculated.
There are business models which rely heavily on made up projections of value.
Business models!! Don't go messing with business models.
You go around saying they're completely absurd and made up and they'll lock you up or something.
Maybe he's one of those wacky future looking people who is interested in getting scarce resources less scarce, and less in the hands of corporations worried about the cost per KWh for the consumer?
In which case it's not so much of a business plan, as a future direction for humans to solve our energy problems because the sun makes more than we could ever need.
And then the MBAs and CEOs will come in and fuck it up and try to figure out how maximize return on investment and shareholder value.
Well, in fairness ... are you claiming to be the majority of readers on Slashdot? Because that would be pretty bold of you.
Certainly other people have heard of them. I've heard of them. At least one other poster seems to have heard of them. Google has heard of them. So one guy says he's never heard of them and they don't exist? How do I get that job?
To reiterate the rather crude point of the AC ... we don't care what you had for lunch either. That you don't know who they are is, as a metric of their utility or influence, almost meaningless.
They exist independent of if you know of them or not.
Obviously it is designed to be remotely accessible. I got that.
The question is if that is exploitable. I would argue anything accessible is exploitable.
Whether or not GM built any security into it, who knows?
For me, if it has remote connectivity, the likelihood of having security holes goes up.
But having a car which has no remote connectivity of any form limits people more to physical access. But even cars without remote connectivity have keyless entry, and I'm pretty sure we've seen articles saying that can be exploited.
How you as a consumer know your car is safe from hacking? I'm not sure you can, short of having a car without features like OnStar -- for all the reasons you cite.
Me, I assume OnStar already is, or is likely to, vulnerable to remote hacking precisely because it has its own communications technology on board.
Wow, that's pretty terrible.
And, I'm sure in no way similar to all of these new consumer electronics which want to connect to the intertubes .. none of which would use default passwords, store unencrypted data, send passwords in plaintext over a network ... hmmmm, wait a minute.
The answer is, you don't.
My current rule is: is it a piece of consumer electronics? If it is, it probably has gaping security holes in it.
If it's designed to connect to a network, be remotely accessed, and installed by non-technical people, recent history says it's probably not secure.
Your choices are to live in blissful ignorance and pretend nothing will happen, live in the hope that it won't happen to you even if it's theoretically possible, or don't use it at all.
I'm not really sure you can take steps to know any of those things are actually secure without some pretty specialized knowledge. And even then I'm not sure.
Bah, the amateurs stand outside with the slim-Jim.
The pros just show up with a flatbed tow truck, and nobody pays them any attention.
Given enough security exploits, it'll be a cheap device running on a Raspberry Pi which you can download from the internet and know you can get any car which is vulnerable.
And somehow I don't think it will be so long before there's some cars on the road which can get jacked in a short time by someone with the right bit of gear. Because we've all seen how epic security exploits can become if the vendor is lazy enough.
Especially when you can use the DMCA to force people to not tell anybody about it.
Well, that's one way of looking at it.
The other way is if this stuff becomes easy enough to become a cheap device or an app for your smart phone ... then the bad guy presses a button which says "all cars which are ready to be hacked please honk your horn".
Just like script kiddies and other scams, if it's lucrative enough, and easy enough, it'll happen. You don't have to be a high value target. If someone knows they can pop the locks on every Escalade in the parking lot, they're going to do it. And someone might just say "oh, fuck it, let's make all the Corvettes disable their brakes because it will be funny".
If the last decade or so has taught us anything, it's that if it can be hacked, it will be ... and if it's worth doing, it will be done.
Pretending like the security risks aren't real because you're a low value target ignores the fact that if there's money to be made. The more automated it can be made, the more it will happen.
As to the OP's question -- there is no standards body, everything is closed/proprietary, and the corporations aren't going to say up front "yeah, the following cars are totally hackable". They're going to hide this as much as possible.
I'm just not sure short of following every news story for every company and hoping and guessing you've got a hope in hell of finding this in a way that will be useful.
Right now, cars are pretty much like every other consumer device .. the companies want to make them all shiny and digital, but they don't know (or don't care) how to make them secure. Which means they don't have a culture of security, accumulated best practices, or anybody telling them the minimum they're allowed to do.
If you're that worried about getting hacked, buy a car which is a few years old and doesn't have as much electronics in it.
Beyond that ... I'm not sure how you are going to know what's hackable.
Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.
And at a certain point you have to realize the people in these jobs are humans, need to stop and catch their breath, think for a bit, stretch, pee, and interact with their colleagues.
Any corporation trying to achieve 100% engagement all day every day has no concept of the kinds of tasks their employees do and will only make productivity worse by trying to do it.
My general belief is the more a company uses metrics the worse it is to work for.
Well, I guess that depends ... if they get a tax break for this write down, then it's not just a write down.
If they do get a tax break, then expect a slew of corporations to start meddling in education, failing, and then taking their tax break and leaving.
If corporations are risking their own money, great. If they're just passing the buck back to the taxpayers, all they're really doing is diverting money for their own purposes.
Because in the real world, if you can't have air superiority, you can't occupy the area ... and despite theorists who say you'll never need to dogfight because it's old fashioned, you might find in the real world the people you're up against don't play by your doctrine.
If your enemy doesn't give a damn that you think dogfighting is too old fashioned, you will get your ass kicked.
So, much like "shock and awe" didn't work as played out in boardrooms, there is a real chance that in an actual conflict with Russia, or China, or people who have bought hardware from them ... that in a real shooting war you get your ass handed to you.
And when you realize you lose the dogfights you got told would never happen again, you no longer have the right tools for the job.
Reality has a pesky way of not playing out like the theorists say.
So, like in Syria you can't simply drop bombs and control the situation on the ground, lack of the ability to win a dogfight has a good chance of leaving gaping holes in your plan.
Just like the Brits got all out of sorts that the Americans didn't like up in brightly colored tunics to be easily shot, the people you're fighting against don't always give a damn about your plan and sense of the rules.
And don't pretend getting into a shooting war with Russia or China is impossible. Look around you. Suddenly the cold war isn't quite so over.
Having once bought 16K of RAM for a TRS-80 color computer ... that cost you, what, eleventy-six trillion dollars?
Good luck with that. It's illegal when you or I do it.
But due to the magic of EULAs, and corporations buying the laws they want from the politicians ... there's no way in hell Microsoft will be pursued by the DOJ.
The system is corrupt and stacked in favor of the corporations. And they can do any damned thing they want to.
Translation: stop pretending there are actual 'rules' of English, instead of guidelines, guesses, exceptions, and people making shit up as they go which often runs contrary to several other things.
English isn't Greek, and it isn't Latin.
The 'correct' way to do something English is seldom anything more than convention.