Public disclosure (or at least the threat of it) is the only way to put pressure on companies to fix security holes in software, including software in cars.
Let's not forget that these same 2 security researchers put on a demonstration on a Toyota Prius and a Ford Escape at Defcon in 2013. At the time, it required a wired connection to the diagnostic port. The automakers ignored it and said their systems were secure.
As to the threat concern, yes, these guys did have physical access to the Jeep used. But they are also able to scan the network using a burner phone on Sprint's network that UConnect uses to locate other cars running the same software all over the place. The same vulnerable software that they can exploit remotely.
Yes, because when the US government accuses a citizen of foreign country of breaking a law in a country the foreign citizen has never been to, the only reasonable course of action is to be led like a lamb to the slaughter in a broken justice system.
It's no longer about the crime he allegedly committed. It's about abuse of power, US imperialism, political corruption and crony capitalism, and a biased justice system.
It's not just that the DRM plugin itself isn't something you would voluntarily want on your system.
The entire infrastructure and method of distributing these kinds of plugins (NPAPI) being used has been recognized as a security nightmare for years.
What NPAPI does is allow any random website that has something embedded that requires a plugin to point to any random location the website wants as a source to get that plugin. Depending on browser settings, it may download and install the plugin automatically, or pop up a window like what is described. The large majority of users will just click accept on the window. This is why Chrome does not allow it. Mozilla has greatly modified how it works in Firefox to only point to Mozilla's trusted plugin library. I believe Opera does not allow it either (they use something similar to Chrome).
United's solution to how to play video on someone's device looks identical to one of the most popular ways to spread malware from a decade ago - the "video codec plugin" scam.
You seem to be implying that I think people should be driving unsafe cars on public roads.
I do not want that. I want to be able to drive safely.
What I want to prevent is the inevitable overreaction and counterproductive bad legislation that prevents people from legally tinkering or making modification to the cars (and other devices) they own, and not to require approval from the manufacturer. Your words: "only run manufacturers approved software" is what I have a problem with.
The act of driving unsafely, or of operating an unsafe vehicle, is what should be illegal. It should not be illegal if I run different software in my car that Chrysler or Ford or GM or whoever doesn't like, so long as that software isn't otherwise dangerous.
"I think it is acceptable to ensure that vehicles used on public roads only run manufacturers approved software, because a software bug endangers people other that the owner."
I think you need to reread the article. This was a software bug in the manufacturer-supplied software.
Making it either illegal (through legislation) or impractical (through DRM or TPM chips or similar) only increases the chance these bugs are not found. It also takes away valuable modding capabilities to improve your own car.
If the concern is safety, then existing laws either already cover it (e.g. illegal to operate a car that hasn't passed it's yearly inspection) or should be written in a manner that does not cut out legitimate tinkering and modding because of overblown fears.
as long as people keep it to themselves and not share online, they is nothing to fear.
Uh-huh. Tell that to people who have actually not shared anything online, but still get sued.
Besides the general insanity of the ruling, it simply isn't good for the rule of law. Bad laws and bad rulings further widen the gap between what is legal and what is socially acceptable in everyday life. In free societies, there needs to be a really good reason to make something illegal if everyone is doing it. If not, then the inevitable result is selective enforcement, which undermines the belief in the fairness and equality of the law.
"shouldn't they aim for the lowest damages overall"
That is a utilitarian view.
Roughly speaking, the deontological view is that by the act of choosing to pull the lever, you are now complicit in the murder of the one (even if you did it to save the 5).
We have this same argument when it comes to torture with the 'ticking bomb' scenario. Do you choose to torture someone you suspect may know where the bomb is to save the lives of many (utilitarian)? Or is torture always wrong even if done to save lives (deontology)?
This is NOT an easy question to deal with. Good of the many vs. good of the one. Hobson's Choice. Countless other permutations.
The Trolley Problem is a very well understood thing in philosophy and ethics. There are numerous scenarios, including ones like yours, as well as an interesting variation where instead of having a lever to divert the trolley from killing the 5 lives at the cost of 1 life on the diverted track, you have option to push a fat man onto the track to stop the trolley. These scenarios have been translated into many languages and cultures, and the results are roughly similar across most people surveyed.