I meant to say it's seen as unfair by the line workers.

Dress codes make a slight amount of sense when the company has a requirement that many employees must wear uniforms. It's not fair to say, "you people who stand in front of customers all day must wear a blue shirt, green tie, and khaki pants" but then say, "you people are in the main office, so you're exempt from dressing like a dork." Some of the line workers resent it. Management can then decide if they want to settle the matter by subjecting everyone to a dress code.

Of course HP doesn't require line workers to wear uniforms, so that's not the case here. This is just another stupid and capricious management decision by a company that's become famous over the last decade for having the most incompetent management of any (formerly) major corporation. HP's executives have been so bad it's easy to imagine an evil Michael Dell offered HP's board of directors one hundred million dollars -each- to sabotage HP into oblivion. (Hey, it makes a lot more sense than any other reason for imposing a dress code on engineers.)

Good point. First, IANAAEE (I am not an automotive electrical engineer) so much of this is speculation, but not all of it. I do think small, hardware firewalls ("data diodes") could help prevent a lot of these problems. I also agree with you in that I don't think the direct access is necessary, but I think it might loop around in such a way that the holes end up being present anyway.

Consider: the crash message from the airbag sensors, which is on the high speed engine control bus (ECB) goes to the door locks. The door locks are on the low speed bus (security network), but bridge both networks. A data diode could stop messages from the door locks from flowing back to the high speed ECB. The door locks, ignition key, and immobilizer are all on the security network. The ignition key talks to the immobilizer. Finally, the immobilizer talks to the ECU, which is on the high speed ECB.

The security network is supposed to be isolated from the cabin comfort network (where the infotainment system, navigation system, and cell phone stuff are.) But the crash signal has to travel to the cell modem somehow, so another component has to allow messages from the ECB to the cabin bus. Plus, some of these cars have "remote start via cell phone", so something still has to enable messages from the cell modem to travel to the immobilizer. How do they get to the security network? (Bigger question: do the Chryslers even have a security network, or do all low speed messages share a common bus?)

If everything were perfect, the immobilizer would be the only potential spot for the bridge; and because the immobilizer's entire job is to prevent the engine from starting unless all the security is perfectly aligned, it seems like the natural place where the engineers would focus their security attention to isolate the low speed bus from the ECB. But obviously not everything's perfect.

It seems like they should have a set of dedicated data protection devices that would be similar in concept to a traffic signal's conflict monitor, somehow hard-wired with a rule that allows only whitelisted messages from the modem to go to the immobilizer.

Want a more adventuresome automotive experience? Go to India. During the three weeks I was there, our driver's car was struck more times by more vehicles and pedestrians than I've seen in my 35 years of driving in the US.

The drivers are worse than you can imagine. "Keep left" is more of a guideline than an actually obeyed rule; "keep center" seems to be the observed behavior. The few traffic police I saw were standing in small gazebo-like boxes in intersections - they were not driving interceptors or squad cars. Peddlers and beggars wander among cars slowed down on the roads, selling umbrellas and toys, and asking for handouts. Fuel tankers have signs lettered across the back: "KEEP BACK 25 FEET", but nobody pays attention. Lane markers are apparently nothing more than wasted white paint decorating the road. On the road in front of you you may encounter a farmer with a pony cart, bicycles, pedestrians, elephants carrying loads, and yes, the occasional unattended cow.

And the honking! Seriously, India, WTF is up with the continual honking? You can drive a full week in many cities in the USA without hearing a single car horn.

We saw all this on every single trip, including a 2AM drive from the airport.

An inattentive driver would cause an accident within a split second; this may be why minor accidents and collisions are so common.

Consider the safety network, which has data from the crash sensors, rollover sensors, seatbelt sensors, and seat occupancy sensors, and mixes all of that data together in a set of rules that instantly trigger the correct airbags and seatbelt pre-tensioners. It also needs to connect to the infotainment system to take over the car's data or phone connection to send a message to emergency services. In turn it may also get data from the navigation system to report location information. It may trigger an unlock of the car doors to assist bystanders in rescuing the occupants, and it may shut off the engine to prevent further injury. It may talk to the signalling systems to turn on the 4-way flashers to help first responders find the car. The car door lock system is part of the security bus, which talks to the engine immobilizer, responsible for talking to the ECU to start and run the car. All of those data feeds that seem like they could be isolated have real operational needs to come together in multiple devices.

The rules in a car are exponentially more complex than ever before, and they're increasingly vital for safety; not just comfort or entertainment. Consider how many lives have been saved because their airbags deployed, and the emergency responders were able to dispatch an ambulance in time to save a crash victim from dying. Now consider how many people have died from crashes directly induced by CANBUS hacking.

The safety systems of today are doing their jobs better than ever, which is the topmost goal of the engineers. Also consider the safety systems need to guarantee reliable operation to work for the first time ever in an actual crash. If they can layer on system security without compromising occupant safety, they will, but not at the expense of crash survivability.

... following Kim Kardashian.

So how is Hacking Team different than a company that sells grenades to Syria? Are all companies that make grenades unethical, because there is no non-violent application for hand grenades? What if they're used for defense purposes?

What about a dual-use item, such as selling cattle prods? Are all companies that make cattle prods unethical? If cattle prods are used for an off-label application (torture of humans), is it ethical to sell them to someone you suspect might be using them for torture, even if they don't explicitly say "we want to buy 10 cattle prods for our Glorious Leader's Torture Squad"?

Conversely, Hacking Team might be selling the 0days to legitimate law enforcement agencies, who may be using them to prevent kidnappings and murders. Is that ethical or unethical? Can you absolutely tell based on the customer's return address being London vs. Pyongyang?

Hacking Team is the company that sells 0-day exploits to repressive governments so they can spy upon their citizens. Regimes like Syria, North Korea, etc. Presumably, they've used the Hacking Team exploits to spy on political or religious dissidents and arrest/silence them.

They are NOT the hackers that broke into the cheating site.

As I pointed out in that same paragraph, Android has actual user interface controls, including a labeled home button, a menu button, and a back button. I can at least clumsily navigate with them, even if I don't know their magic gestures. Does that solve your dilemma of it being impossible to implement a useful UI on a phone sized device?

Anyway, thank you for frothing up into a true iFanboi rage at my comment. No criticism of Apple is complete without receiving the expected how-dare-you-diss-my-iPhone response. Especially welcome were the swearing and the ad hominem attacks. Classy.

I don't get it. Context is everything - when you're watching TV, you expect the controls in your hand to be able to control TV functions. When you're using a map, you expect the controls in your hand to set destinations, points of interest, identify features etc. Once you're there, you sometimes need to indicate one of several things, select multiple things, etc. A discrete button that says "press me and something will happen" is useful as a hint how to do the thing. A hidden magical swipe of the fingertips does not provide any usable way to accomplish the task. iOS gestures are among the worst design choices Apple has ever made: tap, tap and hold, swipe up, swipe down, swipe right, swipe left, slide two fingers, pinch with two fingers, expand with two fingers, grab with four fingers, tilt the whole phone to the left or right - WHAT THE HELL, APPLE? How do I even know all these options exist without external training or external clues? There is absolutely no way to guess at a gesture. But put a physical button there, and now I know there are things it will do, so I know I can press it to do something. Add two buttons and now I know there are at least two things I can do.

I've been using iOS for many years, and it just keeps getting worse. When I pick up an Android phone, I feel that at least I can find ways to accomplish the basics, even though most apps are inconsistent and have screwball interfaces. And this proves there is a disciplined middle approach that allows for a better UI, but Apple refuses to go there even though they own the entire platform. They'd rather have cutesy flicks and swishes, so that only those "on the inside" know the magic gestures, and can feel superior to the unwashed masses who don't have iPhones. [Sorry, it's an I-hate-Apple-for-this-shit topic with me.]

They'd have to find more money to sweden the deal.

Of course they're open to you, in proportion to the value of your contributions. Let's say you invented something brilliant, like the <blink> tag. If you can't convince someone on the Chrome team it's a good idea, and you can't get Mozilla to adopt it, you can try asking at Microsoft. If they don't bite, perhaps Apple will. And if none of them think your idea is worth supporting, you can contact members of the standards committee directly (their names are public.) You can even attend a meeting of the standards committee and submit a proposal. But why should they spend a lot of time listening to you, if your idea isn't worth anything to the other players in the market? They're already busy codifying the changes actually implemented by Google, Mozilla, Apple, and Microsoft.

= = = Krugman's own data shows a rise in 2% of GDP in Social Security between 1965 and 1983; succeeding programs weren't "limited" and they haven't been "cut continuously". = = =

If you and your political party are going to classify Social Security as "welfare" rather than (a) a decent thing for an extremely wealthy society to do (b) an incredibly successful program of alleviating poverty among the elderly (c) a good method of moving people through the employment system and opening slots at the top so young people can get jobs at the bottom (d) one of a basket of preventative measures against a communist revolution [as envisioned by that flaming liberal Bismark and used by Roosevelt and Hopkins for the same purpose] then you are welcome to do so.

However, if you and your political ilk want do do that you need to stand up and say so explicitly to the entire nation. Including not shirking from explaining to the heroic {yeoman farmers} ranchers of the suburban/exurban range that they too are taking "welfare" when they apply for "their" Social Security. To date the hard Radical Right has been successful in using half-truths and dog whistles to imply that they will somehow manage to chop Social Security for the "undeserving" while leaving it in place for the "deserving". This time I think you're going to be forced to show you work on that bit of legerdemain

sPh.

= = =
http://krugman.blogs.nytimes.c...
But I think it’s also important to understand where this is coming from. Partly it’s Bush trying to defend his foolish 4 percent growth claim; but it’s also, I’m almost certain, coming out of the “nation of takers” dogma that completely dominates America’s right wing.

At my adventure in Las Vegas, one of the questions posed by the moderator was, if I remember it correctly, “What would you do about America’s growing underclass living off welfare?” When I said that the premise was wrong, that this isn’t actually happening, there was general incredulity — this is part of what the right knows is happening. When Jeb Bush — who is a known admirer of Charles Murray — talks about more hours, he’s probably thinking largely about getting the bums on welfare out there working.

As I asked a few months ago, where are these welfare programs people are supposedly living off? TANF is tiny; what’s left are EITC, food stamps, and unemployment benefits. Spending on food stamps and UI soared during the slump, but came down quickly; overall spending on “income security” has shown no trend at all as a share of GDP, with all the supposed growth in means-tested programs coming from Medicaid: [graphs follow] = = =

= = = hey all achieved their mission objectives, but the vehicle wasn't flawless. = = =

Was the design spec "get payload to correct orbit safely" or was it "get payload to orbit with zero subsystem failures"? Maybe there was a reason the designers chose to use five smaller engines and an control system that could compensate for the loss of one or two.

sPh