SoylentNews is people

posted by Fnord666 on Monday September 11 2017, @06:14AM
from the you-can't-make-this-stuff-up dept.

A trade magazine, http://www.todaysmotorvehicles.com/article/5-myths-about-connected-cars/, ran this article by Shaun Kirby, Cisco Consulting CTO, "5 Myths About Connected Cars". Haven't read anything this funny all year, some clips include:

Myth: Securing connected cars requires breakthroughs in security technology.

Fact: Connected cars are extremely complex, with many sensors, computers, and networks, along with an ever-growing list of features. Fortunately, technologies already exist that have proven effective in securing some of the largest enterprise information technology (IT) infrastructures. Existing technologies are well equipped to keep drivers and their data safe now and into the future.

...and this one, the punch line at the end had me rolling in the aisle:

Myth: Automakers are responsible for securing connected cars.

Fact: The vehicle manufacturer is just one link in the security chain. Multiple tiers of suppliers, dealerships, developers of aftermarket devices and services, regulatory bodies, and other industries creating devices and services that interact with connected cars are all responsible for keeping cars and drivers safe and secure.

It is especially important for third parties who provide connected car applications to have secure infrastructures. For instance, a mall operator installing vehicle-to-infrastructure units to guide heavy traffic to optimal parking spots will need to ensure that all the proper security controls are in place.


  • (Score: 2) by Arik on Monday September 11 2017, @06:43AM (8 children)

    by Arik (4543) on Monday September 11 2017, @06:43AM (#566143) Journal
    No, automakers aren't responsible for securing their cars, don't be ridiculous.

    How would third parties add all this value if the car was secure?

    They'll all be perfectly upright and rest assured, mr auto maker, they will worry about security so you don't have to.

    Thanks, yeah, this was a riot.
    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 0) by Anonymous Coward on Monday September 11 2017, @06:50AM (7 children)

      by Anonymous Coward on Monday September 11 2017, @06:50AM (#566145)

      Not to mention that the cars are almost certainly going to run 100% non-free proprietary user-subjugating software. Have fun with all the spying, digital restrictions management, and backdoors! To some extent, these problems already exist in current vehicles, but I imagine the problem will only get worse from here on.

      • (Score: 3, Insightful) by The Mighty Buzzard on Monday September 11 2017, @10:01AM (3 children)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday September 11 2017, @10:01AM (#566177) Homepage Journal

        I'd worry about that for my next car but I doubt I'll have a next car. I'm in my 40s, own a non-connected Toyota with under 500K miles on it, and drive less than 7K miles a year, so I should be good for the rest of my life.

        If necessary though, I'm fully willing and able to buy an old 50s or 60s car and restore it entirely by myself. I'd likely have to buy some new tools but I shall persevere through such tribulations should they come.

        --
        My rights don't end where your fear begins.
        • (Score: 3, Insightful) by fraxinus-tree on Monday September 11 2017, @01:10PM (1 child)

          by fraxinus-tree (5590) on Monday September 11 2017, @01:10PM (#566212)

          Cars from '70, '80 are perfectly OK in "security" sense. Most of '90 and '00, too. Well, thieves are some concern, but they tend to work on modern cars.

          • (Score: 0) by Anonymous Coward on Monday September 11 2017, @01:16PM

            by Anonymous Coward on Monday September 11 2017, @01:16PM (#566214)

            90's (and some earlier?) tend to have first generation airbags -- these are fine if you are "in position" for a frontal crash and if you are large. Not good if you are a smaller/lighter person, the first gen bags are quite powerful.

        • (Score: 2) by JeanCroix on Monday September 11 2017, @07:54PM

          by JeanCroix (573) on Monday September 11 2017, @07:54PM (#566348)
          Having owned and maintained my own 1950s car for about 15 years now, the big issue isn't the labor, but the parts. Something goes bad, you don't just go down to AutoZone or even NAPA - you have to either already know of a source, or hunt it down online and then wait a week or more for them to ship it to you. I'd love to be able to use it as a daily driver, but between the reliability factor and the winter weather (the only reason the old girl is still around is due to keeping her precious steel away from salt), it will only ever be a hobby car for me.
      • (Score: 0, Funny) by kurenai.tsubasa on Monday September 11 2017, @02:42PM (2 children)

        by kurenai.tsubasa (5227) on Monday September 11 2017, @02:42PM (#566226) Journal

        It'll be interesting to see where the misogynerd narrative goes given that cars are only going to have more and more software as time marches on.

        The catch-22 that the misogynerd narrative currently relies on is this. All assigned males who use GNU + Linux/BSD/(What else? Haiku? Hurd?) continue to be pervasively labeled in the media and on the ground as misogynists. The idea is to build off the old narrative that these systems are user-unfriendly.

        (Perhaps because hardware manufacturers have little, if any, respect for standards like say HID, sometimes we need to edit our kernel of choice's source code so that, say, a new mouse we just bought, which likely relies on a bug or oversight in M$'s HID parser, will function with free software—often gratis, but libre is what empowers even a lowly end user with no kernel development creds, like yours truly, to add to her kernel's functionality.)

        Now, not only does the capability of being empowered to edit one's own kernel constitute “not user friendly,” but, perhaps with some help from Sandra Harding [wikipedia.org]'s notion that maths constitute violent sexual assault, this capability is now, in a flourish of doublethink (because I simply cannot comprehend how being empowered are these things), anti-feminist and misogynist.

        Feminism has decided to side with proprietary software vendors. Why? If there is proprietary software everywhere, and assigned males may not change how that software works or fix its bugs, it's that much easier to hold all 3.6 billion assigned males collectively and severally accountable for the bugs that impact womyn-born-womyn's use of said software. Anybody who is going to assert that feminists don't do that is a damned liar, because I've been held personally accountable to my face more than enough times for problems in proprietary software.

        Anyway, where I'm going with this is that as cars get more and more software, feminism will encourage that software to be proprietary. GNU is misogynist. Being empowered with ownership of one's own devices, including the software, is anti-feminist. I'll be disappointed if feminists don't conjure up some wild-eyed rape scenario where, if the software on our cars were to be free libre software, one of those dastardly assigned males would replace a perfect, innocent princess' car software with an altered version that does something like lock her inside of her car. Or something. Proprietary software and security through obscurity, feminism will say, is what's empowering to women.

        Womyn-born-womyn may also find they've always been at war with Eurasia, but I digress.

        Then when the inevitable hacks happen to the proprietary software running all our cars, guess who feminists will blame? That's right! All 3.6 billion assigned males on the planet, collectively and severally, same as happens to me to my face, for failing at creating quality software. The Lovelace cudgel will come out, and we'll get to hear how, because the first “programmer” (visionary and mathematician if you ask me, but it's not her fault she was stuck in the 1830s so could not truly be a “programmer”) was a womyn-born-womyn, that by way of sympathetic magic [wikipedia.org], if only womyn-born-womyn were able to work on software, software would have no bugs!

        (Libre software would be feminist software, if only feminists were not pathological liars about their goals.)

        Where it really gets interesting is when most of us assigned males get fed up with proprietary shit software in our rides, and if we are unable to break the DRM, we exclusively buy and maintain cars built before say 1990 or someodd. Then we'll hear all about how you can spot a rapist misogynerd from a mile away just by checking what year their car is, and how all assigned males who own cars made before 1990 are just awful, horrible, no good, very bad people. And sexually frustrated. Can't ever forget the sexually frustrated part. Can't ever forget the homophobia. If you're an assigned male, and you drive a car made before 1990, you're a sexually frustrated dork who can't get laid!

        At least remember to snicker a bit when this happens and suddenly a guy with a wife and kids who drives a nice classic Mustang say, becomes a sexually frustrated rapist who can't get laid and is probably an AIDS-infested secret gay to boot.

        • (Score: 5, Funny) by http on Monday September 11 2017, @03:59PM (1 child)

          by http (1920) on Monday September 11 2017, @03:59PM (#566251)

          OK, I admit it. You've got the time to type out all this stuff, and clearly have access to better drug dealers than I do.

          What's the real secret to making money online?

          --
          I browse at -1 when I have mod points. It's unsettling.
          • (Score: 3, Funny) by kurenai.tsubasa on Monday September 11 2017, @04:09PM

            by kurenai.tsubasa (5227) on Monday September 11 2017, @04:09PM (#566253) Journal

            clearly have access to better drug dealers than I do.

            Only buy American, and insist on locally grown organic heirloom varieties. If Monsanto or Big Alcohol/Tobacco is starting to get involved in the production of your drug of choice, beware!

            What's the real secret to making money online?

            Easy! Obviously time travel is involved. You have to go to just after Bitcoin opened to mining (back before you needed ASICs to mine), mine some bitcoins, take your wallet back to the future, and sell at any point in time Bitcoins are trading at four to five figures!

            I thought everybody knew these things!

  • (Score: 0) by Anonymous Coward on Monday September 11 2017, @07:12AM (2 children)

    by Anonymous Coward on Monday September 11 2017, @07:12AM (#566147)

    I cannot see anything wrong with the first quoted one. We indeed know how a connected car could be made safe: Don't allow remote access to security-critical features, physically separate anything security critical from anything connected to the network, use encryption and cryptographic authentication, and provide direct connections with the users instead of passing the data through the cloud.

    Of course we also know perfectly well that those measures won't be ever applied.

    • (Score: 4, Informative) by shrewdsheep on Monday September 11 2017, @08:27AM (1 child)

      by shrewdsheep (5215) on Monday September 11 2017, @08:27AM (#566166)

      The problem is that the security risk is on another layer. A third party might be effectively shut out, however, the communication between the two parties itself is a security risk. Connected cars supposedly react to each other to optimize total traffic flow. Allowing that type of influence is a big security risk. If you argue that we have the chains of trust, I would counter-argue that this has indeed not been solved to a satisfying degree. I might be convinced that the counter-party runs software signed by a certain vendor, but I would not be convinced that this is a safe algorithm. Also doing the public-key handshaking in real-time (i.e. micro-seconds) would not be a solved technical issue.
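The distinction drawn in the comment above (a valid signature says who sent a message, not whether acting on it is safe), as an added example that is not part of the original thread: the receiver verifies an Ed25519 signature and then applies separate freshness and plausibility checks to the authenticated claims. The message layout, sender ID, 500 ms window, 70 m/s ceiling and all names are assumptions made for illustration, not a real V2X format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
	"time"
)

// Beacon is a constructed, simplified car-to-car status message (not a real V2X format).
type Beacon struct {
	SenderID      uint32
	UnixMilli     int64   // sender's timestamp
	X, Y, SpeedMS float64 // position in metres on a local grid; claimed speed in m/s
}

func (b Beacon) bytes() []byte { // fixed-width encoding that gets signed
	buf := make([]byte, 36)
	binary.BigEndian.PutUint32(buf[0:], b.SenderID)
	binary.BigEndian.PutUint64(buf[4:], uint64(b.UnixMilli))
	binary.BigEndian.PutUint64(buf[12:], math.Float64bits(b.X))
	binary.BigEndian.PutUint64(buf[20:], math.Float64bits(b.Y))
	binary.BigEndian.PutUint64(buf[28:], math.Float64bits(b.SpeedMS))
	return buf
}

var (
	ErrBadSignature = errors.New("unknown sender or invalid signature")
	ErrStale        = errors.New("timestamp outside freshness window")
	ErrImplausible  = errors.New("authentic but not believable")
)

const maxAge = 500 * time.Millisecond // assumed freshness window
const maxSpeedMS = 70.0               // assumed ceiling, about 250 km/h

type Receiver struct { // trusted keys plus the last accepted beacon per sender
	keys map[uint32]ed25519.PublicKey
	last map[uint32]Beacon
}

// Accept authenticates the sender first; every later check is about whether
// the authentic sender's claims are believable.
func (r *Receiver) Accept(b Beacon, sig []byte, now time.Time) error {
	pub, ok := r.keys[b.SenderID]
	if !ok || !ed25519.Verify(pub, b.bytes(), sig) {
		return ErrBadSignature
	}
	if age := now.Sub(time.UnixMilli(b.UnixMilli)); age < -maxAge || age > maxAge {
		return ErrStale
	}
	if !(b.SpeedMS >= 0 && b.SpeedMS <= maxSpeedMS) { // also rejects NaN
		return ErrImplausible
	}
	if prev, seen := r.last[b.SenderID]; seen {
		dt := float64(b.UnixMilli-prev.UnixMilli) / 1000
		if dt <= 0 || !(math.Hypot(b.X-prev.X, b.Y-prev.Y)/dt <= maxSpeedMS) {
			return ErrImplausible // replayed, reordered, or an impossible jump
		}
	}
	r.last[b.SenderID] = b
	return nil
}

// Demo feeds three constructed beacons to a receiver and returns each verdict.
func Demo() (honest, tampered, lying error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	r := &Receiver{keys: map[uint32]ed25519.PublicKey{7: pub}, last: map[uint32]Beacon{}}
	t0 := time.UnixMilli(1505110440000) // constructed timestamp
	b1 := Beacon{7, t0.UnixMilli(), 0, 0, 14}
	honest = r.Accept(b1, ed25519.Sign(priv, b1.bytes()), t0)
	b2 := Beacon{7, t0.UnixMilli() + 100, 1.4, 0, 14}
	sig2 := ed25519.Sign(priv, b2.bytes())
	b2.SpeedMS = 0 // altered after signing
	tampered = r.Accept(b2, sig2, t0.Add(100*time.Millisecond))
	// Signed with the legitimate key, yet claims a 400 m move in 200 ms.
	b3 := Beacon{7, t0.UnixMilli() + 200, 400, 0, 14}
	lying = r.Accept(b3, ed25519.Sign(priv, b3.bytes()), t0.Add(200*time.Millisecond))
	return
}

func main() {
	fmt.Println(Demo())
}
```

The third beacon passes signature verification and is rejected only by the plausibility check, which is the layer the signature cannot provide.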

      • (Score: 4, Interesting) by VLM on Monday September 11 2017, @12:01PM

        by VLM (445) on Monday September 11 2017, @12:01PM (#566200)

        Connected cars supposedly react to each other to optimize total traffic flow.

        A small comment that I've lived thru ISDN and dot net and a couple other "big pushes" and much like "internet of things" I suspect "connected cars" will initially have marketing imply it means everything including the kitchen sink and the sun never sets on the empire, and a couple years in it'll mean something microscopic compared to the original grandiose illusions.

        "Connected car" will eventually mean something as small and insignificant as a hole in the glove compartment with a USB charger for a toll road transponder. Or it'll mean as little as the radio connects via bluetooth.

        Remember that ISDN was going to be top to bottom OSI layers 1-7 inclusive sweeping change, and it ended up being a faster dialup, nothing more to the general public (in the telco biz it meant bye bye E+M signalling on analog T1 and hello 23B+1D signalling, but what happens between telcos and PBX operators remains between telcos and PBX operators...)

  • (Score: 5, Insightful) by jimtheowl on Monday September 11 2017, @07:53AM (3 children)

    by jimtheowl (5929) on Monday September 11 2017, @07:53AM (#566157)
    "Myth: Due to all the data they collect, connected cars pose privacy concerns for consumers." "Fortunately, drivers will have detailed options for governing the kinds of information they provide and how it is used. By applying secure network architectures, automakers can ease concerns and help cautious consumers focus on all the benefits a connected car can offer."

    So this is not a Myth. By their own words, their aim is to ease concerns, not to address the issue. Options can and will be ignored, as they have been with closed source software, whenever industry has had the option to self regulate. The 2016 IBV study is a plan to win the consumers over, not to address the actual privacy issue.

    One could think that marketing prohibits honest discussions.

    There are positives to be considered for the system, but it would be nice to tone down the condescending bullshit.
    • (Score: 2) by FakeBeldin on Monday September 11 2017, @09:25AM (2 children)

      by FakeBeldin (3360) on Monday September 11 2017, @09:25AM (#566169) Journal

      My take was that the submitter intended this as an "if you're not laughing about this, you'd be crying about this" situation.

      it would be nice to tone down the condescending bullshit.

      Agreed, but I don't think Cisco's Shaun Kirby is hanging around here, so I doubt he will.

      • (Score: 3, Insightful) by Anonymous Coward on Monday September 11 2017, @11:49AM (1 child)

        by Anonymous Coward on Monday September 11 2017, @11:49AM (#566194)

        > the submitter intended this as an "if you're not laughing about this, you'd be crying about this" situation.

        Submitter AC here -- this is the correct interpretation. The original article linked (by the Cisco manager) is written to be perfectly straight. As I read it, the contents struck me as completely unrealistic. The disconnect is what makes it funny.

        Yes, I probably should have added a little more to explain my warped sense of humor, but then again, isn't this why we have editors?

  • (Score: 0) by Anonymous Coward on Monday September 11 2017, @08:04AM (3 children)

    by Anonymous Coward on Monday September 11 2017, @08:04AM (#566159)

    One switch. Not the "ignition", that is a relay. One switch. It is labelled: NITRO! And then, we go. No telemetry, no OnStar, No Stingray, just pure speed, down the road, tits up and hell to pay for leather. Not to be Mediocre!! Warboys, ya'all!!

    • (Score: 0) by Anonymous Coward on Monday September 11 2017, @09:27AM (2 children)

      by Anonymous Coward on Monday September 11 2017, @09:27AM (#566171)

      No electronic brakeforce distribution.

      • (Score: 3, Touché) by ewk on Monday September 11 2017, @09:41AM (1 child)

        by ewk (5923) on Monday September 11 2017, @09:41AM (#566173)

        Make that "No brakes"...

        After all having to brake just means you did not judge the other traffic appropriately... :-)

        --
        I don't always react, but when I do, I do it on SoylentNews
        • (Score: 2) by qzm on Monday September 11 2017, @10:25AM

          by qzm (3260) on Monday September 11 2017, @10:25AM (#566180)

          The other traffic IS brakes..
          And airbag, assuming you are significantly larger.

          Of course, only once.

  • (Score: 5, Insightful) by shortscreen on Monday September 11 2017, @09:24AM (11 children)

    by shortscreen (2252) on Monday September 11 2017, @09:24AM (#566168) Journal

    Despite my best efforts to avoid it, I regularly have to put up with terrible software. From websites, to industrial machines. My impression is that low quality software is the norm rather than the exception. The trend of more software appearing in more products does not excite me.

    As far as cars, I already refuse to buy anything with OBD (I've never owned anything newer than an '87 model year). A check engine light will result in failure to pass the mandatory state inspection. The light is controlled by proprietary software. So basically, this software has the authority to affect the legal status of the car without notice, and that is utter insanity.

    • (Score: 4, Insightful) by Arik on Monday September 11 2017, @10:21AM

      by Arik (4543) on Monday September 11 2017, @10:21AM (#566179) Journal
      Well said. My only quibble is with your terminology. An opaque blob is not properly 'software' at all. 'Software' is user-modifiable, by definition (that's the 'soft' part.)
      --
      If laughter is the best medicine, who are the best doctors?
    • (Score: 1, Interesting) by Anonymous Coward on Monday September 11 2017, @12:04PM (1 child)

      by Anonymous Coward on Monday September 11 2017, @12:04PM (#566201)

      Thank you, + mods well deserved. I have a couple of older cars and both have turned on the check engine light, one several times over the years. As the annual state inspection rolls around, I start to get nervous, will it stay off long enough to pass another year? How much will it cost this time? If the light is on for a one-time anomaly (like a mis-fire) and I "clear all codes" using a cheap OBD reader, will it stay off long enough to pass? (usually not)

      Once it was just the gas cap seal (evaporative emissions) -- which visibly looked and felt the same as the replacement, but the new cap didn't trigger the light. Another time there were 20+ codes thrown, turned out to be a working battery that couldn't maintain enough voltage (while cranking) to keep one of the computers happy.

      I'd love to run a pre-OBD car, but here we have lots of salt on the roads in winter. Older cars were not rustproofed like newer cars (including galvanized sheet metal and stainless exhaust systems) and there are very few of those cars left. Most of the older cars I see are only used in summer.

      My bicycle works great for shorter errands. As others have noted, one easy way to keep a car a long time is to not use it very much...

      • (Score: 2) by bob_super on Monday September 11 2017, @07:07PM

        by bob_super (1357) on Monday September 11 2017, @07:07PM (#566332)

        Places like Paris have started banning cars that are too old from entering the city altogether (not that anyone should ever drive in Paris).
        If your car is too old to have computers, it's also polluting more than a battalion of newer cars. That's not a bad excuse.

        If you want your car to be safe, just clip the antennas and don't connect your phone to it. Connected cars are an idiocy; the easy answer is to air-gap.

        Spurious error codes? Yeah, they suck. But most error codes do save you hours of trying to figure out from your non-techie S.O. whether it was a "ping" or a "pop" before the engine croaked.

    • (Score: 5, Interesting) by VLM on Monday September 11 2017, @12:09PM (2 children)

      by VLM (445) on Monday September 11 2017, @12:09PM (#566203)

      anything with OBD

      You probably mean ODB-II.

      I had the misfortune of owning a pre-ODB-II car and not only was the software proprietary but the idiot light was non-standard, so every model out there interfaced differently, paper clip these wires on this car to watch that bulb morse code some code it was technically illegal for you to know what it means.

        At least with my ODB-II cars I've been using the same cheap code scanner for 10+ years and now I use a $15 bluetooth scanner on my phone for a couple years and it's worked pretty well for identifying parts to replace.

      People will claim the OBD-II codes tell you exactly what to replace which technically isn't true. I had one situation where the readiness indicators wouldn't ever clear, total WTF, turns out if I watch the coolant temp it never goes above Z degrees where the readiness indicator doesn't detect "engine all warmed up" until Z+5 degrees. Wasn't a sensor problem; replaced the stuck open thermostat and all was well.

        Another time I had a Saturn which output camshaft position sensor failures or some ridiculous similar thing, which is funny because the Saturns don't have camshaft position sensors. That's their funny "saturn speak" way of reporting misfires. Usually this means the coil packs connections are corroded or the plug wires are worn out, which fixed it.

      • (Score: 0) by Anonymous Coward on Monday September 11 2017, @08:16PM (1 child)

        by Anonymous Coward on Monday September 11 2017, @08:16PM (#566361)

        It's OBD (On-Board Diagnostics).

        If you use an initialism, especially one that isn't clearly pronounceable, [soylentnews.org] you should double-check that you spelled it properly every time.

        If you don't, people may copy [soylentnews.org] your incorrect usage and make useful things harder to find when using a search engine.

        -- OriginalOwner_ [soylentnews.org]

        • (Score: 2) by Gaaark on Monday September 11 2017, @09:28PM

          by Gaaark (41) on Monday September 11 2017, @09:28PM (#566407) Journal

          It's a problem with his OCD.

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 5, Interesting) by crafoo on Monday September 11 2017, @01:11PM (1 child)

      by crafoo (6639) on Monday September 11 2017, @01:11PM (#566213)

      The software controlling my radio/CD/etc and display crashes regularly in my car - at least once a day. Screen goes black, system reboots itself. The audio keeps playing though. Sometimes the graphic indicators for volume get stuck and go blank. Bluetooth connectivity is a joke. Sometimes it works. Sometimes it doesn't. But you ALWAYS have to go 3 levels deep in a menu using [enter] and arrow buttons to even attempt to make it work. After every ignition switch cycle.

      Trash software is everywhere. I agree. I don't think the world is better for it. I remember analog systems that were fast, responsive, bullet proof (sometimes literally), didn't have coarse, digital discrete stepping, and were usable. We are going backwards.

      • (Score: 0) by Anonymous Coward on Tuesday September 12 2017, @11:08PM

        by Anonymous Coward on Tuesday September 12 2017, @11:08PM (#567001)

        They have a really nice twin push-dial stereo in the later impreza/outbacks.

        However, despite knowing the hardware is capable of more, and I assume in order to upsell their 'entertainment systems' they implemented the following defects:
        Single bluetooth pairing slot. You can pay for an 'upgrade' to a 4 slot with both a hardware and mechanics fee, even though it is literally a 30 second reflash over the OBD adapter.
        Bluetooth only associates automatically when the car is turned to accessories. Starting the car requires manually selecting bluetooth, going into the menu and choosing the select device category then associating. Even though it only allows *1* device slot, and it had already automatically associated when the car was turned on.
        Restarting the car during operation, for example: after a stall, requires reassociating the bluetooth device.
        In addition, the CD portion of the player failed within the first year, but apparently is considered 'consumable parts' and isn't covered under warranty.

        Outside of the radio it has been a solid car, but given that it doesn't have a standard DIN slot to connect a radio of your choice to, it is pretty horrible just the kind of junk they are foisting on people in 20-35k cars in regards to electronics.

    • (Score: 0) by Anonymous Coward on Monday September 11 2017, @04:34PM (1 child)

      by Anonymous Coward on Monday September 11 2017, @04:34PM (#566264)

      ODB and ODBII are the reasons a car will *never* be secure. They are not designed that way. They are diagnostic systems that are now data stream systems. The concept of secure was physical access. That is not necessarily true anymore.

      Once they figure out they need ODB-3 they will lock everything down. Yet it will still not be secure. But forget ever getting cheap easy to use diagnostic software and hardware. Even today many manufacturers play games with ODBII to lock you out.

      • (Score: 0) by Anonymous Coward on Tuesday September 12 2017, @05:16AM

        by Anonymous Coward on Tuesday September 12 2017, @05:16AM (#566551)

        On-Doard Biagnostics II (ODB II)

    • (Score: 0) by Anonymous Coward on Tuesday September 12 2017, @11:00PM

      by Anonymous Coward on Tuesday September 12 2017, @11:00PM (#566999)

      For anyone thinking that 'requiring government certification/degrees to become a programmer' is a smart move:

      How many of those Automotive engineers working on powertrain modules do you think are *NOT* electrical or mechanical engineers, or maybe Computer Science degree holders?

      And if *THOSE* guys keep fucking up software and security, then what is the point in raising the bar, if the top of the bar is still producing shit, but now doing it with 4-8 years of education and hundreds of thousands of dollars of debt for no better quality code?

      Remember to ask these questions the next time a debate about the professional conduct of computer programmers is brought up. The problem isn't the lack of education, the problem is systemic and bureaucratic failures from the top to bottom in the engineering of the languages, the tools, the education, etc. All because nobody wants to take the time or spend the money to really analyze where the shortcomings are, rectify them, and then go through all the work of testing out the new specifications by reimplementing old and no doubt buggy software to verify that the new versions provide better quality and security code than the old ones, while catching and describing more error conditions that could cause a complete systems failure when such a condition is reached.

      Also: Maybe it is time to ensure every piece of hardware includes ECC, and the really critical parts with sufficient excess clocks include checkpointing for the worst case failure mode, So that if an error does occur that is uncorrectable in the current state, it can revert the state to the previous known good data and run another pass before its data is expected to be available. Even then it won't cover all failure modes, but that is about as close to perfect as our technology enables.
