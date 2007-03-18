from the internet-or-security dept.
Ross Anderson in the Security Group at the University of Cambridge Computer Laboratory asks some questions about whether durable goods such as cars can be Internet-connected and yet provide sufficient privacy and safety. It's not a deep discussion but it does raise a few other pertainent questions.
Perhaps the biggest challenge will be durability. At present we have a hard time patching a phone that's three years old. Yet the average age of a UK car at scrappage is about 14 years, and rising all the time; cars used to last 100,000 miles in the 1980s but now keep going for nearer 200,000. As the embedded carbon cost of a car is about equal to that of the fuel it will burn over its lifetime, we just can't afford to scrap cars after five years, as do we laptops.
Meters and medical devices are two more examples of hardware that can cause great harm when control of the integrated software is taken over by malfeasants.
Source : Making security sustainable.
and Making Security Sustainable: Can there be an Internet of durable goods? (warning for PDF)
(Score: 5, Informative) by Runaway1956 on Thursday March 08, @03:34AM (13 children)
No, we don't have a hard time patching a three year old phone. What we have in reality, are vendors who simply refuse to patch three year old hardware, because that forces you to purchase new hardware. Patching the old hardware poses no great difficulty, if the vendors are just willing to maintain that hardware.
Death smiles at everyone. Sailors smile back.
(Score: 2) by Adamsjas on Thursday March 08, @03:54AM (5 children)
Well, nice rant, but not totally true.
Since I've owned a cell phone two network standard radio protocols have been totally shut down by US carriers. Current phones dropped those as well, but I was using phones that were working fine right up to the day they decided to shut down the towers handling them.
But my long since disused Razr, iPhone, and one early android still work as phones today If I bothered to put a current sim in them.
Its all the crap software that they pile on that kills these old phones. 3g, 4g, LTE, even GPRS data still works. And isn't going away any time soon.
But the problem isn't that hard to solve. Mandate a socket that you can plug in a replacement radio into.
And all future cars have to have that socket. Replacement socket kits should also be an easy thing to provide, if not by the manufacturer, then by the third party market. Just like software, specify the interface structure and protocol, and let each side (car and radio) do what they want behind their respective interface.
(Score: 3, Insightful) by Arik on Thursday March 08, @03:58AM (2 children)
*THEY DECIDED.*
They turned off the towers, of course your phone quit working. That has nothing to do with it. The phone itself had no problem, it would have kept right on working.
"Unix? These savages aren't even circumcised!"
(Score: 3, Insightful) by frojack on Thursday March 08, @06:03AM (1 child)
Wasn't that exactly his point? His various phones contused to work till the day the carriers ceased to support that type of cellular connection, probably because that radio type was uneconomic.
Kind of like Leaded Gasoline. That 60's era vintage car is just going to have to be tuned to deal with it.
As long as cars with internet connections can operate without that connection, (such as in cellular dead zones), and the radio system can be changed out, there shouldn't be a problem.
No, you are mistaken. I've always had this sig.
(Score: 2) by JoeMerchant on Thursday March 08, @01:55PM
Before I signed up for my first cellular service, I bought a pair of tri-band Ham handhelds. They were good for making contact with the SO when she picked me up at the airport, and out in the woods there was a repeater tower that could call in to town and maybe summon an ambulance if required.
20 years later, those handhelds still work like they always did (though the batteries are NiCad and a bit weak, could spring for a LiPo version today if I cared) - and they only cost about as much as one year's cellular contract.
(Score: 0) by Anonymous Coward on Thursday March 08, @07:59AM (1 child)
They used to have that. Car radios had DIN slots and ISO connectors, and often replacing a radio was so easy that a burglar could do it in under a minute.
My current car was manufactured with a cassette player. The previous owner replaced it with a CD player. I replaced it with one that takes both USB (A) and SD card (full size).
Nowadays radios are connected to everything, and almost impossible to replace. At the same time, don't expect USB and SD cards to last anywhere near as long as cassette tape did.
Anyone buying a new car today, you should demand that the radio either be replaceable or come with USB-5/E, nano-SD and be able to receive both DAB+++ and DVB-H4.
(Score: 3, Insightful) by anubi on Thursday March 08, @12:12PM
Tell me about it. When I was trying to buy a new vehicle about two years ago, every visit to the showroom was immediately followed by a bout of nausea.
What I was being shown went against everything I believe in.
5 minutes in the showroom and I was ready to puke.
I ended up buying a 20+ year old diesel van off of Craigslist. At that point, I had made up my mind I would do whatever it took to get the older machine back up to snuff.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by JoeMerchant on Thursday March 08, @04:25AM (4 children)
Be grateful that your 3 year old phone still works as well as it did 3 years ago. When a certain fruity phone and device company pushes updates to their old hardware, they degrade the performance - sometimes to completely unusable levels. Meanwhile, on the dark side, Microsoft did the same thing to Windows XP - it ran great on the old Atom processors when they came out, but 5 years later it was dog-slow, re-install from CD-ROM and forbid updates and it's snappy again.
(Score: 3, Interesting) by anubi on Thursday March 08, @08:04AM (3 children)
I still have several DOS and WIN95 systems running absolutely perfectly... still doing what they were programmed to do.
Amazingly, I even still have some of those old CDC 40MB MFM disks still running... the Seagates all died though. Stiction got every last one of 'em.
Not too concerned over the disks though... if they go, I have plenty of IDE and Flash memory alternatives. But as long as the disk runs, I just back up the programs and keep going. I still have a box of about a dozen of the things still in the garage somewhere. They just don't seem to die.
Yes, I occasionally have to change out the clock battery, or put fresh capacitors in the power supply. Looking at the "AC volts" across the filter capacitors with my trusted 50 year old Triplett 630 VOM will spill the beans if the capacitors need changing.
The only problem I see coming up is it is almost impossible to find a parallel port printer anymore. And I think soon the VGA displays I use will be scarce as the copyright people work with hardware manufacturers to "close the analog hole".
When I build something, I expect it to work until it is dismantled. Not time out in three years or so. Finicky stuff that doesn't last is the kind of thing one would sell a business, that is businessmen that can't see beyond the next quarter. Some businesses seem like they absolutely love to spend all their capital on ephemeral junk, while gloating over how much money they saved by hiring the cheapest manpower they can attract. Then they wonder why they can't keep up with technology. Guess what, you don't HAVE to change out all the wiring in your house every three years. It will do what it was designed to do for a hundred years. You want to set up automated assembly plant? Do it right, and it will do what it was designed to do for a hundred years.
To this day, I have yet to see a "worn out" computer with the exception of what I will type later. I have only seen those rendered obsolete through lack of support. However the time between the Pentium II up to the more modern processors I avoid, because of power supply and heat sink issues.... there was runs of crappy capacitors, and the boards had issues with other heat related and pulse related problems. However, the processors released the last five years or so are back on track for being reliable. It was about a twelve year window around 1996 to 2008 that it seemed nothing coming out was worth having. It was all full of heat sinks and massive current pulses that lead to deterioration of bypass capacitors.
I considered the 386SX to be the last "super-reliable" device for mundane machine control... which I am now designing Arduino/Propeller hybrids for their eventual replacement. I simply cannot trust the commercial DRM'd stuff in an industrial environment. What do I do if someone upgrades the OS when its busy putting labels on bottles? Come in the morning only to discover a room full of broken bottles and a congratulatory "you have successfully upgraded" message on the monitor?
Presentation is everything. I guess its OK if they also show a cartoon depiction of a smiling man wearing a suit, hand outstretched for a shake. The roomful of broken bottles won't look so bad then.
XP on the Atoms? I felt that Atom was a fantastic step toward again making something that was not a heat-making, current-sucking, power-hog. Something usable for making a long-term device with.
I have a celeron in my laptop. Same thing. Snappy when I first bought it. Got slower and slower. Finally a virus delivered by JavaScript did me in a few years ago. It was on these very forums you guys steered me onto NoScript. So, I reinitialized my laptop to factory state, noted how the machine was back to its snappy state, reloaded my software, disabled updates, and am still using it. Ten year old machine, WalMart special - no less, but works great. Admittedly, a lot of the modern softwares work like crap in this old machine, the big one to me was the browser. And again, you guys saved me with the SeaMonkey recommendation. I had FireFox, which had grown beyond this machine's resources, and was hanging up on YouTube all the time when an ad insertion caused it to overload. Its working with SeaMonkey. Hell, as long as I have a browser, Eagle, LTSpice, the Arduino programming environment, MathCad7, and a few other utility proggies, it does all I need. Its not like I am doing any heavy gaming on this thing or anything else computationally intensive. EAGLE seems to load this thing down more than anything else. I am running Eagle 4. I have access to Eagle 6. Is it worth it to upgrade? Or will doing so make things worse in terms of additional resource requirements? ( Asked for the same reason that I ran the earlier Firefox just fine, but the later one takes up so much memory and CPU that I simply max out then either stutter or crash! )
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Insightful) by driverless on Thursday March 08, @11:31AM (2 children)
That's a problem with some of the standards for security being written today, which are driven almost entirely by a few large silicon valley companies who assume the whole world is online 24/7 and anything can be updated within 24 hours. There's no backwards compatibility or future planning, just "lets throw in every cool feature we need for our purposes, we can always roll out new patches whenever we feel like it, and deprecate anything we feel like". There's no way to reconcile this with devices that have to operate in the field for five, ten, twenty years. "We've got what we want, and everything else doesn't exist".
(Score: 1) by anubi on Thursday March 08, @12:33PM
And then one day they sell out to someone else who turns off the server.
Then you are left holding a bunch of technology that no-one ( due to Intellectual Property rights ) knows what to do with if its broke.
Might as well toss it and start all over.
I find that paradigm very nauseating. I feel if I can't fix it, I really question what business I have with it. It would be like a business hiring an employee, but having no control over him.
The exception is cheap generic consumables.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by JoeMerchant on Thursday March 08, @01:40PM
I just "felt a bomb dropped" when one of our developers told me that the WebRTC source code was 5 to 6 GB... for a comms layer!
The world is truly screwed if we're depending on 5 million pages of code just to shuttle data from A to B in a "open" format.
(Score: 2) by Grishnakh on Thursday March 08, @07:08AM (1 child)
No, we don't have a hard time patching a three year old phone. What we have in reality, are vendors who simply refuse to patch three year old hardware, because that forces you to purchase new hardware.
What they mean is that we, as a society, have a hard time patching a 3yo phone, and they're right, we do. The problem is that we, as a society, seem to be unable to actually force these vendors to act in the best interests of society rather than their profits. I don't see any realistic way of fixing that problem myself.
(Score: 2, Insightful) by anubi on Thursday March 08, @08:15AM
We get crap because we accept crap.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 4, Insightful) by JoeMerchant on Thursday March 08, @04:22AM (4 children)
Can people manage their own passphrases? IME, just barely. If you could trust people to actually use a passphrase as secure as correcthorsebatterystaple, they could actually manage secure keys using 30+ year old tech. When the end users won't even use a 7 of 9 dot swipe code to keep their phone "secure" - how can you possibly control something like software updates to a car?
If the users were really mindful and the manufacturers only pushed software updates that were really necessary, then when your car says "important safety update available, please authorize installation ASAP" the users could check the news and manufacturers' website to confirm that the update is legit and then authorize it.
Instead, we've got automatic daily pushes of multiple updates for our phone apps, every home PC and console device seems to need weekly updates, and there's no way in hell that I'm going to research each one for myself before authorizing them, so - in effect - the update path is wide open, users are asleep at the switch - if not by their own lack of caring then by chronic update fatigue; So, then, anybody who breaks the update key/scheme that's typically identical for millions of end users has free reign to push whatever they want to millions of devices.
(Score: 1) by anubi on Thursday March 08, @08:27AM
You are *so* insightful bringing this up. As far as I am concerned, this alone should be a top national security issue.
Imagine... United States gets into war with "bad guy" because he does not abide with our WishList. We impose "sanctions", he retaliates by sending us a fake "Important Update" to all our computers/cars. Can you imagine the chaos that would result in this country?
And who knows if our systems aren't already compromised, with the "secret codes" to do this held in reserve for the day some "Enemy of the State" decides to play his "Trump"(pun intended) card. Our government will look just like Keystone Kops all over again.... all those badges, uniforms, armed men, salutin', and orders... but they can't get their car to start.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 1) by shrewdsheep on Thursday March 08, @09:28AM (2 children)
Just don't. I have updates disabled and I have accrued around 50 update request on my phone. The old rule was: software should improve with every new update. That rule has changed to the opposite at least on the commercial side. This is why I am not interested in updates as I do not expect improved functionality.
For a car, updates are certainly expected to follow the same path. However, critical safety updates - the equivalent to phone-app-vulnerabilities - would require updating. I have no intention to purchase a car that does automatic updates that cannot be user-controlled. This would mean to be put under the total control of the vendor, by extension the goverment and by futher extension criminals.
(Score: 1) by anubi on Thursday March 08, @12:17PM (1 child)
I am of the strong belief that 95% of those "updates" are related to new DRM enforcement agents.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Interesting) by JoeMerchant on Thursday March 08, @01:51PM
I worked intimately with Adobe Flash for a few months in 2013, got to know each and every update, what it was supposed to do, what it actually did with respect to our products, etc. And, your belief is correct, at least 95% of Adobe Flash updates in that period were playing whack-a-mole with video pirates doing things like watching BBC content from out-of-licensed-region terminals.
(Score: 2) by krishnoid on Thursday March 08, @04:39AM (2 children)
How do these numbers change for electric car components?
(Score: 2, Interesting) by anubi on Thursday March 08, @09:09AM (1 child)
When I look at how much energy it took to make that van I just purchased off of Craigslist, I feel I made a significant impact rescuing that thing from destruction. This thing is over three TONS [duckduckgo.com] of steel! Huge diesel engine. I fell in love with the thing over its simplicity and lack of any electronic doodads that someone else could shut down on a whim.
Even though those old mechanical diesels are massive, and are damned heavy for the power they put out, they are extremely simple and reliable. Everything is gears, cams, pushrods, and pistons. Get it started, it runs.
If I was to drive a lot, then I would have to place its pollution and mileage higher up on the considerations, but for me, an old retiree, getting to the supermarket, Home Depot, Harbor Freight, or Frys is about it with maybe a trip to the doctor occasionally. I seriously doubt any pollution I incur driving it will come anywhere close to the pollution incurred to make this thing in the first place. No, I would not have bought this for a 100 mile per day commute.... for me its more like 100 miles per week. $20 / week for 5 or 6 gallons of diesel isn't making a helluva dent in my budget. I am quite confident this 20+ year old machine *will* outlive ME.
If anything else, this machine will have no problem hauling a camper should I become homeless, which is a concern for me given how I am mostly an introvert and work better with machines than I do with people, but people have the say on how much I am valued.
I feel if more of us would value our older technology, and simply refuse to buy because something offered is "new", and INSIST that we understand how it works before we buy it, we would see attitudes change. But, alas, we offer the "new, shiny" along with an "attractive" loan package, and most of us will sign up. I think we are all getting herded into one hellacious debt trap, but who am I to stand up against the man wearing the suit, in front of the microphone, egging us all into being controlled by those we empower to control the things we PAY for?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by JoeMerchant on Thursday March 08, @01:45PM
We "rescued" a 2002 Mercedes S for very little money up front, and I too think that's much better for the environment - driving around at 21mpg for the next 100,000+ miles, than sending 2 tons to the recyclers and getting another freshly formed 2 tons that might get 30mpg doing the same job.
Personally, I like the late '60s early '70s small block V8 cars - good air conditioning, reasonable safety (yes, it's better today, but the bulk of the risk was removed by the late '60s.) I might get one of those some day and put on aftermarket fuel injection, because carburetors literally suck for a daily driver.