
Comment Re:Not surprising.... Whooah There Cowboy! (Score 1) 801

This needs to be noted VERY well in this discussion.

And unfortunately, it isn't at all. So many people think they can be armchair lawyers, read the law, interpret it to the letter, and decide whether it is appropriate to bring criminal charges. I don't have a problem with people giving an amateur opinion, but so many people in this forum seem completely certain on something that seems to me to be a shaky, inconsistent area of the law. Reading the law and applying simple logic, it seems like she clearly violated it and should be charged, but that's just not how these laws are interpreted; prosecutors use heavy discretion when deciding whether to bring charges. I think this sets up an unjust system, but then it's the system that needs to change.

Comment Re:FBI director announced she IS guilty, won't pro (Score 1) 801

I'm sure this is going to sound stupid, but I'm not sure it's appropriate to prosecute, even when the letter of the law has been definitively broken. Obviously, this is how it should work, but in many cases laws regarding handling of protected information are prosecuted with extreme discretion. In other words, charges are often not brought unless there is intent and/or aggravating factors, even when the law has clearly been broken as written. Really we need someone with substantial legal experience in this specific area to comment (I won't hold my breath for that). Despite the fact that the above code is fairly straightforward, I don't feel qualified to assess the FBI's conclusion: "Although there is evidence of potential violations regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case," (James Comey). I'm not addressing whether or not it makes sense to use discretion in these cases. Personally, I don't think it's appropriate and sets a double standard; it's not like someone selling drugs will not get prosecuted because there was no intent to cause addiction. That said, I don't make the rules, and I really don't think most people in this forum are qualified to judge whether she is getting preferential treatment by applying the letter of the law, combined with the way that other laws are prosecuted (and the way laws should be prosecuted). The reality is that, right or wrong, this is not how laws regarding handling of sensitive information are applied. For the record, I despise Hillary & the Clintons and will not vote for her, even though the alternative is at least as terrible.

Comment Re:Consider the background of auto makers (Score 1) 160

They're not idiots, security just hasn't needed to be a big part of the discipline. Interconnected cars are still a relatively novel concept, though not brand new. It's not that hard to understand why security would be an afterthought in automotive. Immediate safety and cost concerns take precedence. Would you rather have manufacturers focus on making sure there are no safety issues with the controller, or protecting against hypothetical future safety concerns? Until very recently, the vast majority of vehicles needed physical access to exploit, but at that point an attacker could already do all kinds of things. You can say "they should be doing both", but are you willing to pay the extra cost? The next generation of controllers will be more secure (at least with some manufacturers). Time will tell if it will be enough; if I were a betting man, I'd say we'll continue to see exploits, but they will get harder.

Comment Re:Roughly, how did this happen? (Score 1) 173

You may disagree with me, but personally I don't have a problem with security being an afterthought in the non-connected world cars used to live in. It would require someone with specialized knowledge to have physical access to the vehicle to exploit it. At that point, I'm sure there's a number of nasty things they could do. Cars clearly don't live in an unconnected world anymore, and things need to change. It blows my mind how many engineers are zen with having components, with access to the internet, be connected to safety critical systems (see the recent concerns about Boeing's avionics security).

Comment Re:Roughly, how did this happen? (Score 1) 173

Yes, people are that stupid and industries can be very slow to change. The auto industry seems fond of slapping some garbage piece of electronics into their vehicles to make them seem high-tech. Really this isn't brand new, but the fad nowadays is to try to merge your car with your smartphone. It sounds like this is what they did, and for whatever reason decided their POS infotainment system needed to be on a CAN bus with other critical controllers. Honestly, I'd rather the auto industry keep their hands off these systems and let me buy some aftermarket smartphone remote head unit garbage, or let Apple/Google do it and blend their systems into the interior. In the entire history of auto infotainment it seems like the only benefit of having the manufacturer supply the electronics is aesthetics. Every aftermarket product I've used is leaps and bounds better than what was sold with the car, even "premium" systems. Regardless, it should be analogous to powering my phone off the battery and plugging into the sound system. I guess if you really need to send information back and forth, separate the bus and any controller on that separate bus should know that no controls can be sent from that bus, just basic information. Sorry for the rant, maybe I'm ill-informed and this exploit is more complicated, but I'd bet dollars to donuts that a component in the infotainment system, with access to the outside world, is on the same bus with critical components and the engineers just figured "our firmware can't send any commands, so we're good".

Comment Re:Probably won't stop the auto industry (Score 1) 173

I assure you things are getting much, much better. Some of the standards being passed down are far more stringent. As much as it's easy to say that they are "in lala land", it's easy to see why security would be an afterthought to a system not connected to the outside world. Manufacturers would rather focus on immediate safety concerns. I agree that it's not certain that the standards will keep pace with evolving threat models, but exploits like this should get much tougher. I'll be interested to see details of this exploit, but I bet they weren't doing much (or anything) to secure the CAN bus. There is currently a huge security push in the auto industry, and bus security will certainly improve. Honestly, I don't have any expertise in security, but I imagine that encrypting the traffic on the bus and authentication will make it much harder to decipher and send malicious messages (this appears to be what the attackers are doing). Why anyone would put an infotainment system with access to the internet on a safety critical bus is beyond me and seems pants on head retarded though.

Comment Re:Check their work or check the summary? (Score 1) 486

I actually think the paper is relatively readable, easy to understand, and complete in its explanation (not to mention pretty short). They explain exactly why they got the results they did, and what can be done to improve the in-memory version. This is an argument against expecting code to automatically be faster when executing in memory. Basically, they found that the overhead of performing string operations, using standard methods in high level programming languages, caused the in-memory performance to be poor. No part of this paper is trying to claim Seek/Read/Write time of disk approach that of memory. The authors are telling you to take the full system and programming language considerations into account and not assume in-memory means faster, especially now that systems with tons of memory are becoming common.

Comment Re:Zune was great (Score 1) 421

Zune ended up being a pretty decent product, especially later, but it never really took off. Microsoft was just late to the game and insisted on copying Apple exactly. I don't even think the Zune software was much worse than iTunes (but I hate iTunes too); it was basically Microsoft iTunes. That said, being late to the game and needing time to build your ecosystem severely hurt its value. Zune basically had all the annoyances of the iPod, but was missing the benefits of a fully developed ecosystem. I think the problem Microsoft is having is that they lack imagination. If you release an identical product that is just as good late, it ends up being not as good. In theory, with enough time you'll make up ground, but not if the market changes and you fail to react again. I did love my Zune 120 though; best mobile media player I've ever owned, wish I could replace it.
