Future IoT devices (especially consumer devices) should really be self-updating. It's possible with proper encryption to do this safely and securely. Anything that connects to the internet is bound to have exploitable flaws discovered sooner or later, and anything that can't self-patch will never be patched, statistically speaking. I didn't need a study to confirm this (although it's good to have it confirmed). It's blindingly obvious from historical anecdotes and experience. I recall Steve Gibson referring to "The tyranny of the default", meaning that users rarely even change default settings in software, including passwords. Who seriously thinks users would go out of their way to hunt down and apply firmware updates?
I know there's probably resistance to self-updating devices among hard-code* geeks, but I'm talking devices for the masses here. Self-updating and self-patching HAS to become the new norm, like it now is for browsers, another dangerous attack surface. It's herd immunization for the internet.
* I initially mistyped that, but the mistake was funny enough that I left it alone.
I'd say a better analogy would be burglary instead of armed robbery, as threatening someone with a gun is serious because of the implied threat to human life. Also, it's a bit strange that he supposedly brought down this chat site for two months, yet damages are valued at $5000. One can only draw the conclusion that this was not a large, money-making operation.
I'm not making light of this, but this was the equivalent of some small time burglary or shoplifting, not some masterful hack bringing down million-dollar businesses. He may have spent more renting the botnet than the site lost because of his attacks. I'd be up for fining him a decent amount, but jail time punishes the taxpayer as well as the criminal, so should be reserved for serious or violent offenders.
Given that the estimated damage was $5000, I'd hope he just gets a rather stiff fine (maybe five to ten times the estimated damages). There's no need for him to be in prison, as he's not a danger to society, although he does need to be punished. The greater value is in letting people know they can't get away with hiring these services without consequences.
For people wishing for law enforcement to go after the botnets themselves, we just had a story from a week ago about international law enforcement removing a very large botnet. They seem to be attacking the problem from both ends, which seems like a reasonable approach.
Now we just need to figure out how to secure all these damned routers and IoT devices so they can't be used as botnets so easily. This wouldn't be nearly so much a problem if the fruit wasn't quite so low-hanging.
I can tolerate music without lyrics, such as classical, soundtracks, or electronic, especially when it helps to cover up noisy nearby conversations. Other than that, for me at least, silence is golden. I'd never presume to inflict my somewhat eclectic tastes on anyone else either, but I don't think it's as bad as a continuous loop!
I'd guess that anything on a loop eventually becomes pure "background noise" to your brain, just like the ticking of a clock or the whirring of a machine, but has the added advantage of drowning out most other distracting noise.
I've never worked in a dev house that doesn't have some kind of music blasting. Usually electronic, sometimes rock or indie - depends what the boss is into usually.
Damn. Does any other dev besides me actually require silence to be able to work? That's especially true when concentrating on solving difficult problems. I've never actually been in an office where they blast music, and I work in the videogame industry which is notoriously casual, even among software developers. I wouldn't last a week.
Besides which, people's taste varies so widely that it seems like you're just inflicting pain on everyone but yourself and the few who also share your musical tastes. To me, it's incredibly rude to assume you have the right to inflict your music on everyone else around you.
I want to agree with you in theory (especially about how apps often get made worse for no good reason), but in practice, it's simply not practical to leave most software alone - at least, not if you want it to have any sort of reasonable lifetime. The difference is that modern software rarely lives in isolation. The ecosystem on which it runs... the OS, its system libraries, third party libraries, the tools on which the software was developed... these are all moving forward in time.
If you leave a piece of software alone, it experiences "bit rot" NOT because it's changing, but because everything around it is probably changing. More importantly, the more time occurs between updates, the more difficult those updates tend to be, until it becomes easier to actually rewrite the damned thing, since the original development system on which it was written may not even exist in the same state anymore. You may argue that software shouldn't always be changing, but you might as well ask for the Earth to stop spinning. Security issues alone will force a minimal level of change to occur.
Updating continuously has its pain points, but any issues that come up tend to be smaller issues, and can be dealt with more quickly. For example, just the other day I realized MacOS's system Cocoa libraries slightly changed something which broke my code in a number of places, even though I wasn't doing anything sketchy with the API. But a slight change in definition meant I needed to cast some interfaces explicitly, and add new interface functions to retrieve those explicit interfaces. It was a bit of work to track this down and solve it, even for the relatively small amount of code I was dealing with.
I saw one person on StackExchange say they "solved" it by linking their project against the older version of the library. That "solution" just stacked some technical debt on some poor future programmer, even though it 100% works for now. It may even allow such code to propagate in the future, making the eventual conversion even worse when it happens.
Moreover, leaving functionality alone and patching only security issues becomes a game of maintaining a *very* long history of supported versions of software. How long does support last? Yes, this is the correct answer for some software, but remember that companies generally pay very well for these long-term support versions, even for Linux, because maintaining a current build is expensive (I have some recent experience with this). For most consumers, the simplest and most economical option is just to keep everything up to date, and yeah, that means taking the bad with the good.
also already issued guidelines about securing these systems from unauthorized access.
Have we learned nothing from the internet and its IoT problem?
At a fundamental level, it's incredibly difficult to prevent unauthorized access to a physical device someone owns, and I deeply dislike relying on signals from other cars that can be jammed, interfered with, or abused. If the internet has taught us anything, it's that people will figure out how to crack damn near everything, and good things will be abused just because. Someone may try to get cars to react to a phantom obstacle just for the lulz, to be recorded and uploaded to YouTube.
Finally... are we even certain such a system would be of any benefit? Before we start legislating or regulating these sorts of systems into existence, let's allow self-driving technology to mature on its own a bit first, and see if this would even be useful. Otherwise we'll pay an extra $350 (or more likely $1000, as someone else rightly observed) tax for hardware that has no practical purpose.
From the article: notable people saved by this maneuver include former President Ronald Reagan, pop star Cher, former New York mayor Edward Koch and Hollywood actors Elizabeth Taylor, Goldie Hawn, Walter Matthau, Carrie Fisher, Jack Lemmon and Marlene Dietrich. An estimated 100,000 people have been saved in the US alone. Heimlich even saved a woman with the technique himself once. He said that he always wondered if he'd be able to perform the maneuver himself.
It's nice to know his name is forever linked with helping to save so many lives. RIP, and condolences to his family.
A good point... free charging may be offered if seen as a bonus for paying customers or clients, or as a perk for employees. Also, this could go hand-in-hand with solar collectors to help offset the long-term costs. Even so, that's a lot of initial up-front capital needed, and the total percentage of e-vehicles is still pretty low (less than 1% I believe), so I still think we'll see a gradual transition that tends to match the growth of this vehicle market.
Even so, I'm always a little leery of relying on "free", if for no other reason than it's more susceptible to bean-counter logic, and liable to disappear without notice.
Ultimately, I think you're correct, but the reality is that we'll be in a transition period over the next few decades as cars wear out and are replaced, and as the price of e-cars continues to drop while their capabilities improve. For instance, I still drive a gas-powered car, because it works fine and is paid off. My next car will almost certainly be electric, but I'd be crazy to voluntarily saddle myself with a big monthly payment for the next few years when I've got a working vehicle.
One reason to be optimistic about the future is that unlike gas pumps, chargers can be placed almost anywhere. As such, we don't have to necessarily constrain ourselves to the "gas station" model. "Vending machines" is probably closer to what we'll see.
But since it's free they are willing to spend an extra 10-20 minutes getting something to eat or whatever, even though the value of the energy is pretty low.
A good point. People, unfortunately, tend to abuse or overuse free resources. But there's also the matter that fueling to 80% capacity is more risky in an e-car when the range is so much lower than with ICE cars (depending on the car, of course), so I'm not sure that's 100% of the answer. I suppose there's also an ingrained habit to fill your car's capacity to 100%, as with gas.
I have a feeling that free electricity is a temporary thing, but for now I think it's important to make switching to electric cars as painless as possible for as many people as is feasible. So perhaps this is a decent compromise. Even if you do happen to go over the time limit, it's not a huge penalty, just a gentle encouragement to be courteous with others' time.
While charging people who linger is a good idea, 5 minutes grace is a bit harsh. 20 minutes would allow you to get the notification (bad signal), return to the car from the nearby shops and move.
Consider that from the perspective of someone waiting in line behind you. 20 minutes is a pretty long time to wait for no reason at all other than that you couldn't be bothered to wait yourself. You do see how that can be perceived as being quite rude, right?
People have smartphones these days. It's not like you can't entertain yourself if you show up a few minutes earlier than your car's predicted charge completion time.
So, generally speaking, you're telling us "if you're renting it, you don't own it, and certainly can't control it." I concur. And I'm always amazed at how people are continuously surprised by this, over and over again.
Microsoft eliminated hardware-level mixing for audio in Vista (even for DirectSound), and in hindsight, it was a very good decision. The problem with hardware mixing is that it kills off a lot of mixing flexibility, and it only was necessary when CPUs were so slow that they would have struggled to mix a few dozen sounds simultaneously. Not only that, it changes the mix between hardware devices and software fallbacks, making it harder to balance things properly.
These days, not only can a CPU handle the mixing overhead, but it can even simultaneously decode the compressed source audio as well, all without even straining much at all. Beyond that, you have more flexibility in how various effects are applied, grouped / submixed, and so on.
I guess I'd be their target market, as I'm both a professional game dev as well as something of an audio systems specialist in past years, but I'd have to know a lot more about the technical details before I'd know if I were interested in this tech or not. At the very least, I'd need to make sure it didn't screw with our carefully tuned audio mix too much. But if it helps to provide a consistent audio experience between different speakers and configurations, sure, I could see how that would be useful.
Flamebait? C'mon, that was funny, even for Republicans.
Anyhow, maybe when Twitter actually earns a significant profit (last quarter was their first, I believe?) they can sit at the big boys' table. They're an important company more in stature / mindshare than in their bottom line. I'm pretty sure Trump knows how to read an earnings report.
Heck, I subscribe to five streaming services, and at an average of $10 a month, it's still cheaper than cable. And I only subscribed to Prime because it came with some other Amazon-related goodies. If I didn't have an income, I could drop it down to one or two and still have a good selection of movies for a reasonable price + internet service, which is almost mandatory these days anyhow.
Even so, I'm considering dropping Hulu, since I almost never watch it, and those video bugs they paste in the corner irritate me.
Yes, that was my first reaction. Unfortunately, the less funny and real story is this:
The company argues that the law doesn't apply because...
Typical Uber, huh? I'm always torn when discussing Uber. I dislike the entrenched monopolies of taxis and love the idea of Uber, but damn, those guys really represent the worst of Silicon Valley in terms of ethics.
No, the sensors will be integrated into the vehicle and more or less hidden from view. Anything you saw with a visible sensor just meant it was a very early prototype device, and would never come to market designed like that. "Third party system" doesn't mean something bolted on top like aftermarket devices. It just means they'll work with the manufacturer to incorporate that software into the design and manufacturing process.
Google did the right thing here. I always thought their "all or nothing" approach with the car was terribly foolish, even if the underlying tech was impressive.
Yes, it was shit of him to do that and he lost people's trust. He will need to work to get that back. But nothing on most websites warrants the level of controls & reprimand you describe. Yes, have a policy. I would be surprised if there isn't one already. And terminate depending on the level of violation. But beyond that, there is nothing here to get panties all twisted. The guy apologized multiple times and the damage was undone.... move on.
For what he earns as CEO, not tampering with users' posts seems like absolute minimal behavior. From my perspective, the issue isn't so much about what he did. The real issue is the appallingly poor judgment he showed in personally committing actions that undermined public trust in the sole product his company creates.
Is that a firing offense? How about putting it another way: Do you think a low-level staffer would get fired over something like this?
Wars is hell, right? Even in hell, there are some places that are worse than others.
Slashdot would never allow such blatant duplicates..
Slashdot would never allow such blatant duplicates.
Absolutely agreed.
Also, Chinese officials looked inside and realized "Oh, we pretty much make all of these components. Not much we could learn from this, I guess."
He's not in the White House yet, and Trump Tower is his home and center of operations. Where else would you like him to meet with people?
The sweet irony of posting a complaint of poor editing to the wrong article.
I think the editor moved the post to this article just to get back at GP. If it was good enough for Reddit's CEO, after all...