aldestrawk’s Techdirt Profile

aldestrawk

About aldestrawk




aldestrawk’s Comments comment rss

  • Jun 17th, 2015 @ 10:22pm

    Re: Re: Would you like to play a game? let's play chicken.

    Speed is a very important factor in the decision to swerve. If you're going 60 mph that maneuver to avoid a deer will likely cause your vehicle to roll. The problem is, unless you have trained specifically for such maneuvers, your split second decision may not take into account the speed your going. Also, if you had somebody too close behind you, their actions might kill you. It's all very hard to predict.

  • Jun 17th, 2015 @ 7:31am

    Re:

    Control freak! Just learn to relax and let Skynet handle all the driving. Seriously, even if the autonomous cars did occasionally cause accidents, there would still be far fewer than those caused by humans. This produces the least overall harm. You are just worried that your car will kill you and your family and you'll be innocent victims without another human to blame.

  • Jun 17th, 2015 @ 7:10am

    Would you like to play a game? let's play chicken.

    "...calculating the possible trajectory of two cyclists blotto on Pabst Blue Ribbon and crystal meth."

    This is the real question of interest. I cannot see a scenario where there is a greater/lesser evil choice in an unavoidable accident. Cars have brakes and are supposed to allow enough distance to brake without colliding in the event of unforeseen incidents. Humans often makes things worse, for themselves and others, by veering or veering and braking at the same time. The autonomous vehicle should be able to sense that the braking system is functional.

    If you really want to test the ability of software to take action that will produce the least harm, have it play modified games of chicken (real or virtual). Chicken, both with other traffic and without, where the opposing driver's actions are unpredictably:
    1). completely random.
    2). distracted for a random amount of time before realizing that a collision must be avoided.
    3). evilly intent on causing an accident no matter what you do.
    I think you'll find that most of the time braking without veering produces the least harm. There may be some narrow situations where you can avoid a collision. However, if there are multiple cars veering things can get unpredictably ugly.

    A case in point: the Bruce/Caitlyn Jenner crash from last February. In this multiple car accident, Jenner was the person primarily at fault. However, Kim Howe, the woman who was killed driving the Lexus, had just started to veer into the center lane while braking to avoid hitting the Prius. When Jenner's Cadillac hit the Lexus it was propelled in the direction the front wheels were aligned. This meant the Lexus traveled across the center lane into the opposing lane. If Howe had not veered she would have been forcibly rammed into the Prius in front of her. At the moment of the first impact, the Cadillac was going 38 mph and the Lexus about 19 mph. That would have been a very survivable accident, perhaps without any serious injury.

  • Jun 15th, 2015 @ 7:49am

    58,000 files?

    Again, it is repeated that Miranda was carrying 58,000 documents. You might imagine that the forensic techs working for the UK government simply counted all the encrypted files. It is not very likely these files were just sitting there individually encrypted. The whole set was probably doubly encrypted by putting all these individual files into an encrypted drive or volume. In fact Greenwald et al. used TrueCrypt which is oriented to encrypting entire drives. There would be no way then to know, even the approximate, number of files contained in that volume(s).
    I am surprised the Sunday Times did not mention that Miranda was found to have a written password on him. When the UK government mentioned this they were clearly hinting that the password was capable of decrypting the supposed 58,000 files. In an article based on the Sunday Times story, Business Insider did mention this password:

    http://www.businessinsider.com/snowden-russia-china-and-nsa-files-2015-6

    Of course, the UK government was just hinting at that when, in fact, that password was unrelated to the encryption of any files obtained from Snowden. This was an attempt to show the journalists (and couriers) who were handling these sensitive files were practicing poor operational security. The disclosure that China and Russia have access to the entire cache of unencrypted documents obtained by Snowed. may be a further attempt by the UK not just to smear Snowden, but to use their apparent failure at operational security to justify detaining, or even arrest of, any of the journalists who have access to these files or to confiscate any computer or device they can find that holds those encrypted files.

  • May 28th, 2015 @ 8:00am

    Re: Not an overreaction...

    I'll bet you that there were, at least, several other objects in that car related to cooking. Objects, the police are being coy about describing now. Also, it would have been awfully easy to cover the pressure cooker so it was not easily visible. Same potential danger. Any terrorist who isn't a total moron would have covered it up. If a terrorist merely put a detonator on the gas tank that could be as dangerous. My point is that common sense would direct you to looking at the entirety of the situation. After all, restaurant kitchens are being invaded to destroy all pressure cookers. Also, why couldn't they have contacted the owner first, while maintaining a cordoned off area around the vehicle?

  • May 28th, 2015 @ 7:45am

    Re: Wrong - blowing up potential bombs is standard practice

    "dangerous objects" are left behind in all sorts of public places every day. Law enforcement has to balance detonating every single one of these against what is potentially a real threat. It's paranoia versus common sense. I do give our government, and local police forces, some credit for not blowing up any and all shoes left unattended in public playgrounds.

  • May 28th, 2015 @ 7:38am

    Re:

    "Also not sure how the officials justified a 'driving after revocation' charge..."

    This is why any lawyer will recommend you never, ever, talk to the police. When they interviewed this guy he probably admitted to driving his vehicle and parking it with the leaky explosive device (i.e. gas tank + engine) attached to it. Of course, he had to balance the possibility of being held indefinitely as a material witness while refusing to cooperate against admitting to actually driving the vehicle.

  • May 27th, 2015 @ 2:09pm

    Re:

    The crime that was actually prosecuted was a portion of the CFAA, unauthorized access of a protected computer in a way that caused "impairment" of said computer. The perpetrators lived in two different states, California and Maryland, so it seems quite appropriate that the FBI was called in and it was prosecuted under federal law.
    What is more disturbing than this is how the FBI raided, and arrested, numerous individuals for letting their computers be involved in the DDOS attacks organized by Anonymous. It shows how flexible the CFAA is and how unfair the penalties are for crimes that become suddenly much more serious when they involve a computer.

  • May 27th, 2015 @ 1:54pm

    Re: Re:

    If you read the Fusion article that is linked to here, the prosecutor is quoted as saying "[they] pled guilty last year to misdemeanor “unauthorized impairment of a protected computer.” Tim's article is misleading with respect to that. I think the question of "theft" is what the prosecutor was interested in talking about because it is new territory. The prosecutor was a federal prosecutor, so I assume the law involved was part of the CFAA. Given that, an additional crime of fraud would be applicable if the victim suffered some sort of loss. Maybe that loss, being virtual, can be considered more of a loss of a service than loss of a real item.

  • May 19th, 2015 @ 5:20pm

    IFE network is connected to the Avionics networks

    After reading the comments, I see there is some skepticism here about the fact that, on more modern aircraft, the IFE network shares the same network cabling as the avionics network(s). It is true. This was done to save weight despite the fact that you can no longer use the best security, which is a air-gapped networks. The aircraft manufacturers, such as Boeing, claim that the security they have in place in sufficient. They claim that even if a passenger laptop is connected to the IFE, no packets can be injected into the avionics networks. They probably have a network switch which is set to filter out any packets coming from the boxes under the passenger seats. What they probably really mean is that no conversations can be initiated from the seats as a lot of common protocols, including those used for the IFE, involve packets sent from these seats. Such a system can be secure, but I would be very nervous about proclaiming this set up to actually be secure. One of the possible vulnerabilities are commands to the network switches themselves to change the filtering.

    Not only is there common cabling between the networks, but the manufacturers have moved away from a proprietary protocol stack and are using TCP/IP on top of a modified Ethernet protocol. This allows someone, with a little knowledge, to connect their laptop to the box underneath the seat. [Please note, Timothy Geigner, that this does not involve the WI-FI network] Undoubtedly, the FAA, and the aircraft manufacturers, have put some effort into assuring passengers can't affect any of the avionics controls or sensors. The question is, have they done enough? Since the industry is also relying on security through obscurity by keeping the details secret, it makes it hard for independent researchers to confirm this.

  • May 1st, 2015 @ 7:57am

    AT&T caps rate below contracted agreement.

    An interesting thing concerning the max DSL rate happened to me a few years back. I live in a rural area near Silicon Valley and have a wonderful ISP. I am still limited to 1.3 Mbps as that is the max rate for DSL here considering my distance to the nearest central office. AT&T, of course, provides all the infrastructure, for which the ISP, Cruzio, pays them to be able to offer Internet connections. One day, I noticed videos were pausing during download. I went through my usual debugging strategy (I'm a software engineer who works on switches and routers). A speed test consistently maxed out at 384 Kbps. That number was instantly suspicious to me and indicated that AT&T had intentionally capped my rate on their routers at the central office. Luckily, I didn't have to deal with AT&T directly. I called Cruzio and was able to talk to a tech guy immediately. He said, a number of their customers in my small town had experienced the same problem. He said he would deal with AT&T. 10 minutes later, the problem was solved and I have never had that issue again. So, it looks like AT&T had an issue with overall throughput and decided to handle it by capping the rate on various customers, hoping they wouldn't notice. I don't know what would have happened if I had to deal with AT&T directly. I am certain solving the problem would have taken longer than 10 minutes though. I would like to have a faster connection but my only choice for that is Comcast.

  • Apr 20th, 2015 @ 7:32am

    Re: Re:

    What you are describing is a replay attack. The transponders used for locking/unlocking the car and for vehicle immobilizers already use encryption in a way to defeat a replay attack. The technique of using a repeater, or relay, device is different from a replay attack. With keyless entry, you don't have to have physical possession of the key to initiate the cryptographic handshaking. The key can sit in your house while the thief uses the relay device to fool the car into thinking the key is close by. The relay device just transmits the entire cryptographic handshake in both directions. Unless, there is a way to distinguish actual proximity from the use of a relay device, this same problem will exist for the smartphone + application.

  • Apr 7th, 2015 @ 8:27am

    an obvious solution

    As an engineer, I have learned how to gleen the basic requirements from complex problems and craft a workable design to provide a solution.

    -The main concern of the NSPCC is that children viewing porn gives them a distorted view of what sex is about. Among the potential problems:
    -exaggerated and stylized male and female bodies leading to body image issues.
    -seeing violent and controlling relationships as normal.
    -seeing fetish, or extreme, sex as typical.

    -The survey included a total of 2000 children from 12-17. One of the 11 questions was whether they had taken part in, or made, a sexually explicit video. 12% answered yes.

    -The UK government is convinced that age verification is a workable solution to restrict certain age groups to certain websites.

    Given this, I suggest child porn for children websites. The child porn will be made by children, starring children (no adults allowed), and only accessible by children through age verification. Clearly, this is a much healthier solution than the current situation. What could go wrong?

  • Apr 7th, 2015 @ 7:29am

    worried or addicted?

    What NSPCC states in regards to one of the 11 questions in the survey was that, "one in ten 12-13 year olds are worried they are addicted to porn". The Vice article, in it's criticism, states this as "apparently addicted to porn". I doubt those children who took part in the survey were instructed as to what a proper definition of porn addiction is. Some might think that viewing any porn on a regular, or semi-regular, basis is an indication of addiction. An indication that the wording of the questions may not give useful results is that one of the questions produced the result that 20% of 12 to 13-year-olds thinks that watching porn is normal behaviour. Let's assume that normal refers just to whether or not kids of that age watch any porn. Studies show, that the prevalence of internet porn addiction in adults is about 1% of internet users. Yet this survey suggests that fully half of 12-13 year olds who watch internet porn fear they may be addicted. It's not likely there is a huge difference in addiction prevalence between tweens and adults. One problem is that if you ask whether something is normal most people think you are asking "is this acceptable by society?" What their survey does show is that wording of questions is extremely important, particularly with children. This survey is fairly useless, but there is now distortion on all sides.

    The NSPCC's Childline program seems to me to be helpful. They are focusing on providing information to children whose only source of sex education is internet pornography. They aren't trying to stop children viewing Internet porn. Rather they are saying to them that the images in porn don't represent typical bodies and real life sex. I have to agree that sex education in a society shouldn't be coming exclusively from the porn industry.

  • Apr 3rd, 2015 @ 5:11pm

    Re: Re: Re: Root cause

    according to Illinois Law:
    If the “Romeo and Juliet” exception applies, sexual abuse is a Class A misdemeanor, punishable by up to one year in jail, up to two years of probation, and a fine of up to $2,500.

    So, in this case the police did have the option to charge all the children with statutory rape. Child porn charges though, have more severe penalties for them.

  • Mar 27th, 2015 @ 2:53pm

    Re: Re: Re: Autoupdates are bad

    I use Secunia's PSI to indicate updates for a lot of common software. I keep a list of things that may need updating that are not covered by this.

  • Mar 27th, 2015 @ 1:32pm

    (untitled comment)

    Chemnitz? Ach bitte, es ist Karl Marx Stadt.

  • Mar 27th, 2015 @ 1:31pm

    Re: Autoupdates are bad

    Absolutely! The trouble is Microsoft encourages auto-update, particularly when it is a home computer and not managed by an IT department. The first thing I do with a new computer, or new software be it the OS, a browser, or random application program is to check for and disable any auto-updates. On the other hand, if auto-update didn't exist then there are a lot of folk who would never think to update and leave themselves vulnerable.

  • Mar 27th, 2015 @ 1:18pm

    Re:

    This puts an interesting spin on the system of screening done by the TSA. I don't think anyone is truly afraid of Sara Jane Olson blowing up the plane she is on in a suicidal attack. There are Americans who don't believe in rehabilitation, or that she could tire of being a violent radical even after more than 30 years of being a mom and showing no inclination towards any sort of violence. They would have her placed on the no-fly list, at the very least, as a form of further punishment. It makes sense to me that because she is so well known, notorious in fact, she should be given pre-check approval rather than being subjugated to the bias of any particular TSA agent who recognizes her name. I know Tim is ranting about the general lack of common sense and inconsistency shown by the TSA, but I think this particular action did make sense.

  • Mar 26th, 2015 @ 1:05pm

    (untitled comment)

    So, evidence now points to the co-pilot intentionally crashing the plane. He did this when the pilot left the cockpit to use the bathroom. What was probably the only sane response to 9/11 was to reinforce the cockpit doors and keep them locked. Here, you have the cockpit door being used as an impenetrable barrier being used as part of the plan to crash a plane. What do we do now?

More comments from aldestrawk >>