Comment Re:I don't like this at all (Score 1) 137

T-Mobile's 'unlimited' isn't.

That depends on your definition of unlimited. Do they throttle your connection speed after a certain cap? Yes. But so does AT&T with their 'unlimited' plans that people are grandfathered into. At least T-Mobile is honest and upfront about it AND a hell of a lot cheaper to boot.

Comment Re:Great. Another internet-to-CANbus bridge (Score 1) 153

And as I mentioned before it has already been established that ABS systems are vulnerable to tampering

You're just waving assertions in the air. Was there a Slashdot story a couple months ago, yeah, and it actually talked about a non-OBD thing, some new remote exploit tool that some automakers are putting in. Who knows what it does, or what computers it hooks into. I didn't, and wouldn't, make any claims about what some car functions a non-OBD access method provides. That also goes for your CarPlay and Android Auto crap.

Hybrids are a special case, and I'll grant that hybrid systems can often have the brakes affected by hacks. The reason is that they use regenerative braking. The main computer has to be able to switch between the real brakes and the regenerative engine braking. The NTSB has yet to wise up to the fact that the brake computer should still be in charge of the brakes 100% of the time, and should be raising a flag to the powertrain module to tell it when to engage the engine brake.

The biggest danger I can see from these dongles is that they might get hacked and start playing advertising, distracting drivers and killing people. And yeah, a malicious hacker could kill somebody while they're driving without altering the vehicle safety systems. I think people are mostly arguing against something totally different than what I actually said, because I didn't align my specific statements with the conclusions people are coming to, and they're wanting to work backwards to say I'm wrong about everything, because I'm not supporting (or contradicting, for that matter) their conclusions about the safety of plugging random dongles into their car. If it helps people resolve their cognitive dissonance I'll point out that plugging shit into your car is stupid. Hell, connecting your cell phone to the bluetooth car stereo is probably stupid if it is a stock stereo. If it is an aftermarket stereo it is most likely safe. But that said, unless you have a hybrid there is no way to turn off your brakes from your stereo.

Preemptively, the Chrysler brake hack was done using a manufacturer remote access tool, not an OBD tool.

And do you know why they didn't bother using an OBD dongle for this hack? Because they didn't need to! The car manufacturer was already putting the CANBus. They didn't bother with an OBD dongle because the surface area is larger on the manufacturer provided access point. The OBD port puts you on the CANBus. Anything you can do from the Infotainment system on the CANBus you can do from the OBD port. Will you have to have knowledge about the specific vehicle you're attacking from OBD? Almost certainly. But you can get all of the info you need right off the dongle when you instigate the attack.

Comment Re:Great. Another internet-to-CANbus bridge (Score 1) 153

The OBD-II port allows access to the life-safety systems of the car. It is a private unsecured network that performs no authentication.

These dongles allow arbitrary access to the car bus, limited only by their buggy software. They shouldn't even be manufactured.

I'm sure that car manufacturers would agree with you as this would then make third party products (including diagnostic tools), 'unlicensed' (by the manufacturer) mechanic work (including do it yourself) and so forth difficult to impossible resulting in even higher manufacturer prices for the same thing.

So no, I'll keep that open port open, thanks just the same.

No one is trying to suggest that the OBD port should go away. In fact, US law requires its existence. Go try and hook a 1995 or older car to a diagnostic code reader. You'll find you need manufacturer specific info and hardware to get anywhere. The GP is saying that we should not be putting these devices on the internet. We shouldn't be creating devices whose sole purpose is to track and monitor everyday citizens as they go about their lives.

Comment Re:Great. Another internet-to-CANbus bridge (Score 3, Insightful) 153

You are wrong. On the internet. Shame, shame.

Pot meet kettle?

Arbitrary access to the car bus is provided by the port that you plug this device into. The device listens to that bus and takes actions outside of the car network. Arbitrary access to the car network existed already.

This 'arbitrary access' you refer to is only available to someone who has physical access to the CANBus to begin with. And when has anyone ever claimed that you could prevent a network from being owned when someone has physical access to it? These devices put that air gapped network ONTO the internet. Sure you could buy a car with OnStar and achieve the same thing, but many people are smart enough to avoid OnStar vehicles.

Also, the only part of the "life-safety" system you can access is the airbag status. The "life" and "safety" things in the car computers are the airbags and brakes. Those both have their own isolated subsystems. You cannot mess up the "life-safety" systems in the car through the OBD-II port, you can only read the status.

This is not true either. Just a few months ago black hats demonstrated the ability to control the ABS systems of cars, kill the engine while they are traveling at high rates of speed, and more. Less than a year ago I had a meeting with a major car manufacturer to discuss Android Auto and CarPlay with the engineers working to integrate it into their vehicles. With the prototypes I saw, you could start/stop the car and affect many other systems directly through the Manufacturer's own app. This app keeps you in their nice little playground. You could do a lot more if you escape their jail.

The things you could change, if a device changed operating mode to the diagnostic mode, are just things that would make your car run like crap, or shut off.

Having your car shut off at just the wrong moment could result in your death. And as I mentioned before it has already been established that ABS systems are vulnerable to tampering. So now you could have someone kill your engine and your brakes at just the right time to result in a fatal crash.

Yeah, if you plug this thing into your car, and the software gets cracked, trolls could disable your vehicle. Why should manufacturing stop? If your doorknob was built with a lock that some people could pick, bad people could steal from you. Does that mean that locks shouldn't be manufactured? No, it means you have to choose what product to use, and some people will make poor choices.

The CANBus was never designed to be exposed to attack like this. You're willing to have people in 2500+ pound vehicles flying down the road with script kiddies attacking their cars? And for what gain? So insurance companies can track your speed and position? So that you can have some company babysit your kid so you don't have to actually be a parent? So you can stalk your ex girlfriend? The risk to society far outweighs the benefit to society which, from my perspective is absolutely zero.

My car is old, a 2000, but even with the car off and the main computer without power, the traction computer is still on and functioning. The anti-lock brakes are on the same computer as the anti-roll parking mode, and the traction assist for ice and snow. I could totally fry the main computer that connects to the OBD-II port, and I'd still have traction control. And if the vehicle is in gear and moving, I'd still have power assist to the brakes even if the engine had stopped firing because of a computer problem.

Your car may not be as vulnerable as other cars but that doesn't mean that we should open up the car's network to the whole world for no reason. Let's look at your argument about door locks. Let's consider the fact that the network is NOT on the internet to be one of the locks securing it. Are you suggesting we should just remove this lock because someone could physically modify the computers on your car? You could leave your house one day and I could swap your lock out for another. Does that mean you should leave your door unlocked? No. No one is likely to do that to the average person because it's not worth the effort. When I can cause 100,000 cars to stall and their brakes to stop working with the execution of a script? Well what teenage kid wouldn't find the idea of that amusing?

Comment Re:Define speeding (Score 1) 153

What will be reported as speeding? Exceeding the speed limit in short bursts is necessary (and legal) if you are overtaking slower-moving vehicles.

Not in Australia & I doubt in the USA either.

In the USA it likely depends on the state. California has, for instance, what they call a 'Basic Speed Law'. That states that, except for certain exceptions, it is perfectly legal to drive up to 55MPH anywhere you'd like so long as you can prove that the speed you were traveling was safe. Typically the way you prove that the speed limit was safe is by citing the engineering reports that show safe speeds for the design of the road. This is handy because there are plenty of municipalities where I live now that artificially lower speed limits in order to increase traffic revenue. Unfortunately, my current state does not have a basic speed law. But anyway, the exceptions to the basic speed law are places like school zones and other areas where there is a codified speed limit set.

Comment Re:Maybe it's just who we are... (Score 1) 685

Once any barriers are removed (and I'm not sure there are any now), then we would see what the true diversity in backgrounds for coders would be.

In my experience, as a man, the barriers are definitely there. I had classmates who drove women out of the program by harassing them and bothering them without even realizing that they were doing so. Female coworkers have had men line up outside their cubes as one programmer after another tries to awkwardly flirt with their coworker. Now I do not believe that any of these students or coworkers intended to harass these women, but that is exactly what they did. To the point where one girl at my university confided in me that she planned to change majors because the classes were less interesting than she expected and she could not handle all of the unwanted attention. And that female coworker? I sat next to her and found these guys so irritating and distracting that I had a hard time focusing on my work. I can't imagine how she got anything done.

Comment Re:Not necessarily malice (Score 1) 416

And the problem with that is...what? Are you saying you want troopers to be inefficient? If the troopers knew that an area tended to have more murders, would you not want them to increase patrol efforts in that area?

Well certainly you would want them to increase public safety. Studies have shown that artificially decreasing a speed limit does not increase public safety - people are going to go the speed they feel comfortable going for the conditions. However, you'll find that many cities are increasing their traffic enforcement at the cost of decreasing other programs such as gang enforcement teams or programs that may have the officers respond to events that do not benefit the bottom line of the law enforcement's office.

Comment Re:This is why you call your bank before tourism (Score 1) 345

If you're going to make out of the ordinary purchases for overseas, or travel overseas, you always want to call your bank ahead of time. This is a standard operating procedure, and nothing to complain about on Slashdot.

I never bother with this. I travel internationally on a semi-regular basis and travel nationally all the time. Every once in a while I'll get a text message asking my bank if I made a purchase, but they approve the transaction before I ever even notice I got the text. I travel to California at least once every quarter and had the bank call me and ask about a $1000 purchase at a California grocery store chain. I was nowhere near the state of California. So far, fraud detection has been seamless and convenient for me.

Comment Re:GOOD GRIEF! (Score 1) 570

Tap water hasn't been chlorinated for half a century if not more.

In which country? Here in London, it is chlorinated heavily. We would all die otherwise. I have an under the sink filter, as my grandfather did before me. Still a slight taste of Chlorine, and some family members won't drink it.

I bet they'd drink it if they got thirsty enough!

Comment Re:Against the law (Score 1) 239

(Rosa Parks, for instance)

You cannot compare Uber and Rosa Parks with a straight face. Uber exists to make money and is seemingly doing so - or at least hyping themselves to the point that they have a large war chest. Rosa Parks refused to give up her seat for no motive of profit, for no self aggrandizing or selfish reason - but because asking her to do so was wrong. She did so at risk to her own personal safety and freedom. No - nothing Uber does is so selfless and noble. They are no better than the taxi companies they are trying to replace. They're worse because they profit by willfully disregarding the law. I bet the mafia types around the world are wondering how they can incorporate their illegal practices just like Uber.

Comment Re:Uber is at least as good (Score 1) 239

This holds no moral water; they thought that they were buying a licence to be able to ruthlessly exploit the people of London. They thought wrong. I have zero pity for what comes next.

Have you ever lived somewhere with a non-regulated taxi system? My guess is absolutely not. And I can tell you now that the Utopia you are envisioning does not exist. I spent a year living in a country without taxi regulation and it's almost impossible to find a taxi after normal business hours. You also have to be very careful who you accept a ride from - some just want to rob you. Others will take you part way to your destination and threaten to call the police if you do not pay a higher fare than you originally agreed upon. And you had better have agreed on a fare prior to departure because they will charge you anywhere from 10x-100x the usual and customary fare once you arrive at your destination. Half the taxis are brand new and in excellent condition and the other half are utter death traps where you're thrilled to arrive at your destination in one piece.

Does Uber protect you against some of these things? Absolutely. But once the regulation falls you're left to be raped and pillaged. Just ask the state of California how energy deregulation worked out for them. They blew through a $40B budget surplus in just one summer that they were left at the mercy of Enron and friends.

Comment Re:NZ? (Score 1) 73

Maybe I think that centripetal force is just as fake as AGW? Maybe I am sick and was tired and was not thinking properly? Maybe I was just trolling? Or perhaps it was a combination of all of the above? Who can possibly know? The safest guess is the second option, though. Thanks for pointing out my folly to me.

Comment Re:ooh, ooh, I know how to fix this problem (Score 1) 203

No you don't. 25% is the highest tax bracket you qualify. I am in 36.9% bracket. My effective tax rate including AMT is around 24%

You must be a tax dodger, then, if you fall under AMT and are paying 24%. If you take just my Federal withholding for the year, I am at 17% of my annual salary. Once you throw in medicare and social security taxes I am 24.8%. At the end of the year, when I file my taxes, I will end up paying another $1500-2500 to settle my taxes for the year. This is after I tax defer over 15% of my income into a 401k.

Comment Re:NZ? (Score 1) 73

....what? "falls" into space? You need to reach escape velocity (the direction of which interestingly doesn't matter). At the poles, you have to do it all by yourself, on the equator you only need to add sufficient speed to what you're already getting due to Earth's rotation.

The earth's rotation helps you enter an orbit, it does not help you escape the Earth's sphere of influence.
