Re: @ Black Rat
Oh? How about "Recognize speech that I want to wreck a nice beach."?
8644 posts • joined 10 Jun 2009
Given the errors I see in those efforts, don't bet the house on that statement.
You will find that it's not much better anywhere else. Just earlier today I saw an ad for I think AT&T that said data rates can be limited after, say, 22GB. Couldn't stomach the monthly rate for that plan, however.
That said, this marks something I thought I'd never see out of the FCC: them forcing providers offering "unlimited" service to take the word literally.
But some drivers seem to be able to anticipate disaster before it occurs by intuitively identifying clues based on instinct. This is something that pretty much can't be taught...because we don't ourselves know how we come about knowing it. It just clicks and you react...reflexively. The higher brain doesn't even get involved.
"That's what testing is for. Is an Apollo Program analogy too much of a cliché here?"
Testing couldn't account for Apollo 13. It was only quick HUMAN thinking that saved the astronauts on that mission. And it's hard to test something for which the parameters aren't completely knowable: thus what happened with Apollo 1.
They're also worst-case scenarios. Particularly no-win scenarios (Trolley Problems or Cold Equations) where you simply can't have a Happy Ending. It's a moral quandary so difficult WE haven't developed a universal solution to the problem of "Not everyone can be saved--who dies?" Yet an automated car can conceivably be put into such a problem, which raises even more moral problems. How can we trust to a computer what we can't reliably trust to ourselves?
So why not have the Google cars take a few runs up and down Donner Pass and back in the winter? Donner Pass isn't too far away and is notoriously difficult during a blizzard.
"To add to your point, once autonomous cars exist the usual argument for the defence - if you take my client's licence away he'll lose his job and his family will be on the street - won't be true any more."
What if the driver is a trucker?
Still not as hard as you think. No seat belts, for example, so you can fall over in a drunken stupor. Also, the suspension is usually nonexistent, so one bad rock or pit and you can be thrown off.
"a nice 120 mph cruise on the interstates drafting inches behind a long line of other automated cars would make short work of long trips"
...until the lead car suffers a spontaneous blowout. Moments later, you'll have a massive 20-car pileup on the motorway and probably more than a few fatalities. These sci-fi scenarios never take Murphy into account.
"None of this is difficult, but it does require a basic set of background research and knowledge on what you are doing, but I assume that's not an issue for the majority of the readers here !"
But what about the average Joe out there who expects a turnkey solution?
Wasn't Thompson's 1984 paper retorted by David Wheeler in 2005 ("Countering Trusting Trust through Diverse Double-Compiling"), demonstrating a cross-compiling method by which you can detect a bad compiler?
Every time someone brings up that XKCD, I have to bring up two possibilities: the masochist and the scaredycat. Masochists would welcome the wrench, scaredycats would faint just at the sight of it.
Actually, most heat pumps still need refrigerants. It's just they're designed to work in either direction: transferring heat outside in the summer (acting like an A/C) and inside in the winter (acting like a heater). You still need a means to transfer the thermal energy from place to place, and that's where the refrigerants come in.
Also consider that a car engine itself gets pretty hot, even in the winter. That's why many car heating systems simply pass air around the engine before sending it into the cabin (and thus why the heat doesn't really work in a car until after the engine warms up, unlike the A/C which can usually get to work within a few seconds of the car cranking up).
This also poses a problem for the Peltier cooler since the hot and cold sources change from season to season.
I wonder if part of the problem is that the very properties that make a substance a good refrigerant also make it a greenhouse gas?
As for propane, what about at the point of a leak, which would not only be more concentrated but also likely to trigger static sparks. IINM, this caused a massive fire involving lots of cylinders one day.
That's assuming the train has the capability to stop, but the thing about trains (especially freight trains) is that they're very, VERY HEAVY. And all that weight translates to A LOT of inertia. So the train may be able to see an object coming up ahead, but it may well lack the sheer physical strength to come to a stop before impact, and while it can be just problematic when a train rams a cow or a transfer truck, it can get pretty tragic if the object is large enough to cause a derailment or worse shouldn't be contacted at all (like a propane truck stuck at a crossing--when a train rammed it, it literally exploded). And some scenarios you pretty much CAN'T plan for due to their sheer spontaneity (like an earthquake).
Basically, the problem set of trains doesn't overlap well with the problem set of cars.
So what happens if there's a loose car on the tracks? Or a large tree? Or a cow (remember why old trains had "cow catchers")? Or there's a bridge kink ahead (REAL train disaster occurred because a rail bridge was dislodged by a ship but only kinked the rail rather than broke it, keeping the electrical connection live so the train had no clue what was ahead).
But performance can also mean acceleration, and being able to get up to speed in a reasonable amount of time (or even quicker in an emergency) would be a good selling point for just about ANY car buyer.
"But anyone with half-a-brain knows that self-driving cars are dangerous and unlikely to happen until the AI epoch arrives, which is currently a LONG way off."
What self-driving car makers are learning is that what we use to help us drive pretty much can't be taught. It's based mostly on instinct: on stuff newborns can accomplish before being old enough to really be taught anything (this has been shown in labs: infants can recognize human faces and anomalies without any grasp of language or higher thinking--this shows it's instinctive). Which raises an interesting question: how can we teach a car something we don't even know how we came about knowing it? Indeed, how can we even know what we know if we can't recognize it ourselves?
"We did it already. It's called a train."
No, because unlike a train, a car can go between two arbitrary points without need of switches or other restricting mechanisms. As long as there's road between A and B, you can almost always reach it. That's why many people insist on a personal car: the ability to take it anywhere, anytime whenever the need arises. Unless you can do that, practically door-to-door, trains will never replace cars.
I switched from TC to VC, and I don't feel silly. For the most part, it's improved on TC and dealt with a few problems that turned. Since I don't use the more esoteric functions, I haven't had much to worry about at this point.
But how many do Verizon ALREADY have? They're one of the biggest communications companies in the country, after all. How many of those eyeballs are UNIQUE to them?
What if it DOUBLE-reflects, becoming RHCP again? Quite possible in an urban canyon.
MX Player ALSO has a file explorer to let you find media files on your device.
As for custom firmware, that's no good if you run a root- or custom-aware app.
Actually they do because tender is required to complete a transaction if you don't use barter. It only gets dicey when a debt is involved, but normal store transactions don't normally constitute debts. Anyway, there are no laws in America that require someone to accept a bill unless a debt is involved (thus the words "Legal Tender for all debts, public and private").
In the UK, legal tender laws specifically list exceptions such that stores, city councils, and the like get relief from pester payments. You're expected to pay your dues with a reasonable spread of coinage and/or notes. In general, notes are always welcome unless they're too ungainly (say a £100 to buy £2 worth). Pound coins, again, are good in general. Pence coins, OTOH, tend to limit you to no more than certain amounts at a time for various coinage denominations.
Many shops keep low tills to deter robbery. That's why they don't do cash back or limit it. And Legal Tender laws allow stores discretion when faced with large bills/notes.
Plus there's the fact that most of the attackers can hide behind the sovereignty of hostile nations. What good is tracing your miscreant only to find it leads you to either Russia or China, neither of which could care less about what happens to the west (because they're tacitly supporting anything to give THEM a leg up) AND have the military force to counter any sort of intimidation (I mean, how do you intimidate a country with NUKES)?
Bet you they'll use this to develop ways to make the ads unblockable.
Nope. In a dog-eat-dog world, nice guys finish last.
As far as it goes, South Korea is a microcosm for the kind of cyberpunk future you might read about in William Gibson's Sprawl books or a Shadowrun sourcebook. Those chaebols carry as much if not more clout than the government, given their huge, international nature.
Not in South Korea. The chaebols go to extremes to "keep it in the family". Samsung, Hanjin, LG, Lotte...ALL of them have family at the top levels of their hierarchies.
And people wonder why South Korea is one of the worst first-world nations in regards to suicides: worse than Japan's (and theirs are well documented for the same reasons: extreme cultural and social pressure).
According to that chart listed further down, South Korea is #2 overall and Japan #17 (but much higher once you exclude third-world countries). To compare, the US is a third of the way down the list, the UK two-thirds down.
"Also, from a quick bit of research, Samsung seems to still be a family owned business, which seems remarkable for a company with something like 17% of Korea's GDP."
Not really. This is par for the course with the chaebols. Their family-oriented nature was brought to the forefront recently with Hanjin Shipping Company's bankruptcy and with fierce family feuds over at Lotte.
"Anything and everything on the Internet can be compromised. It's really about building a framework that supports defence in depth and therefore requires multiple compromises to subvert."
Which isn't viable because the bad guys only have to be lucky ONCE, then they can blast your whole works wide open. Plus multiple defenses tend to get met with escalations and bypasses: ways to beat multiple defenses simultaneously.
"Still possible but at some point the effort required and the reduced returns will start to have an effect."
A company's jewels are likely to be worth more than any amount of effort it would take to get them, meaning it's almost always profitable. It's like with spam: the investment is minuscule compared to the reward. That's why the 'Net's still full of Script Kiddies.
"It's all about doing something rather than passively accepting it all. And the tools are there right now."
So it's been claimed. But is it REALLY worth it in a Sword of Damocles world?
But then things BREAK and users complain. Plus, for any given signature framework, someone can STEAL the credentials (like Realtek's driver signing keys).
...ESPECIALLY when they're over your head.
And how do you keep people over your head from complaining?
"Of course there's more to it but as such an 'efficient' attack vector and with decent user education at least a generation away email security needs to be a bit more than spam blocking."
A LOT more to it. A malware could just attack and take over the e-mail client, no matter how thin or sandboxed it may be (sandbox escape and privilege escalation are common now), and use it as a springboard to other exploits. Same with malware web links. It'll probably use a Turing Test so that it passes validation checks and ONLY infects when it detects a human in control. And they can escape the browser as easily as the e-mail sandbox (after all, escaping a Java sandbox is easy enough, too).
As for educating users, didn't a comedian once note that you can't fix stupid? And suppose the Stupid is over your head?
"the "people" -- will gladly embrace it"
Really? Show me a real-world situation where security trumps ease of use? And don't say the front door because that was a compromise: most front doors only have ONE dead bolt.
"The other is to not have that omnipotent root. There needs to be a disk space manager that can dole out a portion of space to the server. That manager doesn't, however, have to have the rights to read or write to that portion, nor does it have to have the rights to set up user or program IDs. It might even be the case that such a manager can only be active when booted into a safe mode."
SOMEONE has to have access to it or it's useless; the attacker just poses or takes over that someone. Plus if there's only one non-root way in or out, what happens if that way gets hosed (including any and all backups--think Murphy)? You end up with a lockout situation, and if that locked-out area has critical data, you can't just erase it and move in, either.
"Do we sacrifice some operational convenience for this sort of OS? Maybe, but it's arguable that some of our woes are the direct result of sacrificing security for convenience."
And convenience trumps security 8 days a week. Who cares about security if the job doesn't get done? The job ALWAYS comes first because your job (and the business) depend upon it first and foremost.
PS. As for Qubes, credits to milos a hypervisor attack pwns the underlayer before long.
"One quick solution is to not allow anything in email to be executed."
They'll just find an exploit and go AROUND it, say by latching to another process.
"Something more drastic would be a very different OS architecture so, for example, your ransomware can't overwrite your office suite files because the server which is the only thing that can actually access the part of the disk with those files on it only responds to the office suite programs."
Then they just go for the server instead. There MUST be a way to ACCESS it, and if you can ACCESS it, someone else can hack it.
"But the banking spam, for instance, is very unlikely to have come from a pwned machine in the bank"
Meaning that'll be EXACTLY where it comes from.
"Not the only solution. What's required is to build trustable services on top of it. That wouldn't preclude the continued existence of untrustable services."
No, because trusted services on an UNtrusted medium open you to Men in the Middle. It's the Weak Link problem. You have to secure the ENTIRE thing, end-to-end, or the weak link pwns you.
Put it this way. In today's world, the operative statement is "Don't Trust ANYONE...Not Even Yourself."
Which wouldn't have made sense since December 31 would've been a Saturday, and when due dates fall on a weekend (and it would make sense to have the due date on the end of the calendar year because tax reporting switches with the new year, too), you often have to pay up on the LAST business day before then, meaning it would've been due on the previous Friday, the 30th, and this would've been too late.
It's also the ONLY way they can make money, and if the law comes knocking, there's always the back door...
No law on Earth will be able to stop them because e-tailers allow direct imports from hostile powers who don't care what happens to the west. And China has nukes...
Some people may not hold sentimental attachment to rabbits, so instead use "your spouse" or "your child".
"The safety design of modern cars means that you should be able to walk away from a 30mph crash if you're inside the vehicle."
The thing about the tree, though, is that it could easily fall ONTO the car, crushing the cab. It would be even worse if the object in question is a concrete pole or some other very heavy top-heavy object...or instead of a tree, the only way to avoid tragedy (say a careening bus full of children) is to drive over an edge.
Why bother putting their skins at risk from a car that decides to run them over? Just use life-size human-shaped balloons. I don't think car sensors are smart enough to distinguish between these and humans and will react accordingly without risk to the prankster.
But the same can be said of the bystanders and that's covered by the First Law, too. So that's why the Trolley Problem: the First Law WILL be violated no matter what you do, so what will the automated car do: save the passengers and become a risk to bystanders (raising government scrutiny, plus it may be your spouse, kid, or relative in danger) or save the bystanders and become a risk to the passengers (posing a sales problem to the dealers)? And no, any third option will just endanger BOTH groups.
Nine times out of ten, you just won't get anything. That's why WAP flopped.
Which fighting/vicious dog owners will simply ignore. And if the law starts snooping, they'll either cut and run or let the dogs loose. What good is a fatal dog attack when the dog's found to have no chip and no way to trace it to its owner?
They also get used by IoT devices, with or without your permission; and miscreants like to target commonly-forwarded ports to pwn the programs within to use as springboards into your LAN. It's a no-win situation; the only practical solution to this involves more rigamarole than the average user is willing to put up. And that's not getting started with households behind a CGN which introduces a second firewall layer that smothers most UPnP setups.