How Lucky!

I’m starting to think Larry Niven was right.

One of the subplots in his Known Space stories involves, in short, breeding humans to be lucky. He postulates strict birth control laws combined with a lottery to distribute one-child exceptions to the laws. After several generations, there will be people whose ancestors are all lottery babies.

Whether that constitutes luck, I’ll let you decide.

But in the context of the stories, the eventual result is a group of people who are so lucky that nothing bad can ever happen to them. Even things that seem unfortunate will ultimately prove to have been the best thing that could have happened to the person.

With me so far? Okay, now consider this quote from “Flatlander,” one of Mr. Niven’s stories set before the rise of the lucky. The protagonist is watching a group of hobbyists who restore and drive old internal combustion engine cars on a stretch of freeway (which they also have to restore and maintain).

They were off. I was still wondering what kick they got driving an obsolete machine on flat concrete when they could be up here with us. They were off, weaving slightly, weaving more than slightly, foolishly moving at different speeds, coming perilously close to each other before sheering off — and I began to realize things.

Those automobiles had no radar.

They were being steered with a cabin wheel geared directly to four ground wheels. A mistake in steering and they’d crash into each other or into the concrete curbs. They were steered and stopped by muscle power, but whether they could turn or stop depended on how hard four rubber balloons could grip smooth concrete. If the tires loosed their grip, Newton’s First Law would take over; the fragile metal mass would continue moving in a straight line until stopped by a concrete curb or another groundcar.

“A man could get killed in one of those.”

“Not to worry,” said Elephant. “Nobody does, usually.”

“Usually?”

You know where I’m going with this, don’t you?

We don’t need no steenkin’ breeders’ lottery to breed ourselves for luck. We’re already doing it. Every time you get into a car, you’re taking your life in your hands.

The Interstate Highway System has encouraged drivers to drive faster and faster, generating impatience with anyone who doesn’t get with the program. Merriam-Webster claims the first known use of the word “gridlock” was in 1980. Certainly the phenomenon, along with “road rage” (1988), has been around longer than that.

But even if we go with 1980, that means roughly 130,000,000 Americans have been born only because their parents were lucky enough to survive on the roads long enough to breed. By now, we’re into at least the third generation.

And it shows. People keep finding new ways to ramp up the danger level.

Drivers are no longer content to honk if the car in front of them doesn’t move fast enough when the light changes. Now they honk and pull around the laggard, using the shoulder, adjoining lanes, and even the oncoming traffic lanes. In the rain, regardless of the presence of pedestrians, and despite the drivers in the adjoining lanes doing exactly the same thing.

Somehow, most of them survive. How lucky!

The next couple of decades are going to be interesting, but at this rate, by the time the kids born in 2050 are old enough to drive, they’ll be too lucky to ever have an accident. Think of all the money they’ll save on insurance, vehicle maintenance, and transit infrastructure!

Listen Up!

By now, you’ve probably heard that new hybrid and electric vehicles will have to be factory-equipped with a noise-making system to ensure they can’t sneak up on pedestrians.

It’s not a bad idea, really, but this is definitely once situation where the devil will be in the details. And boy-howdy are there a lot of details.

Would you be surprised to hear that the actual rule runs to 370 pages? No, I wasn’t surprised either; this is a federal rule, after all. What did surprise me was that the summary is less than five pages long. Now that’s efficiency! But I digress.

One of the details I’m dubious about is the estimate of the number of accidents the rule will prevent. Next time you drive somewhere, watch the pedestrians. In particular, take a close look at the ones who step out into traffic without looking both ways. My bet is that most of them are wearing headphones.

I’m not suggesting the new rule is pointless. If nothing else, it will be helpful to the blind. But 2,400 injuries per year seems optimistic to me.

That aside, what I find most interesting about the rule is that it doesn’t specify what kind of sound the cars should produce. The rule sets out standards for minimum volume at various frequency levels and how the volume should change when the vehicle speeds up or slows down, but there’s nothing in those three hundred seventy pages that describes the actual sound.

Each manufacturer is free to choose whatever sound they wish, a long as all vehicles of the same make, model, and year use the same sound. Bets on whether some manufacturers will choose to use their advertising jingle as the sound? I suppose it’s too much to hope someone will use a voice saying “Hey, look out! Car coming! Damn it, don’t play in traffic!”

More seriously, given the need to vary the sound according to the speed of the vehicle–and the need to upload new firmware to fix bugs–manufacturers are going to hook the sound system into the same inter-car network system as everything else.

Lest anyone forget, many of the radio-based car hacks we’ve seen use the entertainment system as a point of entry. It’s clear that, to date, manufacturers haven’t given enough thought to separating components.

That being the case, how long will it be before hacks start appearing that let you take over the safety sound system and replace the factory-installed sound with anything you want? How long will it take before the RIAA starts suing motorists for “sharing music” by routing the output of the stereo into the external speaker?

Small Bites

A collection of small items that don’t seem to warrant entire posts of their own.

Engadget reported last week that, as their headline put it, “Researcher finds huge security flaws in Bluetooth locks”. Briefly, he found that twelve of sixteen locks he bought at random had either no security or absolutely horrible security. That doesn’t mean, by the way, that those remaining four locks are safe, just that the researcher, Anthony Rose, didn’t immediately find problems.

Does this come as any surprise? It shouldn’t. Given how often we’ve seen Internet of Things manufacturers give no thought whatsoever to security, the surprising thing is that four of the locks weren’t trivially hackable.

Police and alarm manufacturers will tell you that it’s impossible to actually secure your house against a break in. The goal is to make it a harder target than your neighbors’ houses. Clearly, your best bet today is to buy a bunch of Bluetooth locks–and give them to all your neighbors!

Moving on.

I said that the new Ghostbusters movie wasn’t doing as well at the box office as it deserved. Apparently Sony agrees. According to Gizmodo (among many sources), the direct loss–before figuring add-on income from licensing and merchandise–could be as much as $70 million.

As a result, plans for a sequel are on hold. Instead, Sony is focusing on an animated TV show for 2018 and an animated movie for 2019.

OK, yeah, animation is potentially cheaper than live action, especially if you don’t have to pay full price for the actors. But it does rather make Ghostbusters something of a second-tier property.

And if you’re the betting sort, the smart money says neither the TV show nor the movie will feature the women who starred in this year’s film–and then, if the animation does well, it’ll be held up as further “proof” that women can’t carry a movie without male help.

Complete change of subject.

Audi is going to launch a new feature in some of its 2017 cars. Correction: IMNSHO, it’s a misfeature. They’re going to add a countdown timer on the instrument panel and heads-up display to let drivers know when red lights will turn green.

Seriously. And if Audi does it, you know everyone else will follow suit.

I don’t know how people drive where you are–or near Audi headquarters–but around here, people stretch yellow lights well beyond any rational limit. Give drivers a timer, and they’re going to accelerate as soon as it hits zero, without even looking at the traffic light, much less checking for oncoming traffic that didn’t even enter the intersection until their light was red.

The only way this could even begin to be sensible or safe would be if automakers lock out the accelerator (and horn!) until the onboard sensors confirm that the light is green, the car in front (if any) is beginning to move, and there’s no vehicle in the intersection. I regard this as highly unlikely to happen.

So, given my grumpiness in regard to new technological “advances,” you may be surprised to hear that I’m strongly in favor of this next announcement.

According to Ford CEO Mark Fields, the company is actively developing fully autonomous cars intended for ride-hailing services. They expect to have them on the market by 2021.

I’ll be blunt here: I dislike taxis and their modern would-be successors in large part because there’s no way to know whether the driver will (just to pick a few examples at random) cross solid lines changing lanes, speed, use the mirrors before changing lanes, or come to full stops at red lights and stop signs.

There’s no guarantee that an autonomous car will drive any better than any random human–and, putting on my QA hat for a moment–you can be certain that every single automaker’s self-driving car will have buggy software.

But at least autonomous cars will be more consistent. Get in a car that drives itself, and you’ll know what to expect from the driver. I find that idea soothing.

Finally, I don’t know whether to laugh or cry about this last item.

It seems that the Hacienda Mexican Restaurant chain in South Bend, Indiana thought it would be a good idea to put up billboards advertising their food as “The Best Mexican Food This Side Of The Wall.”

The signs are coming down. According to Executive Vice President Jeff Leslie, the company “didn’t expect the backlash.”

Let that sink in for a moment. This is a chain of Mexican restaurants that’s so out of touch with Hispanics, that they thought associating themselves with Trump’s Wall was a good advertising strategy.

I know the connection between an ad and the product it’s hyping is tenuous at best, but this really takes the tortilla. If the company has that big a disconnect with its roots, what are the chances that it’s food is any good at all, much less the best north of Nueva León? Small bites, indeed.

Eye on the Prize

As you might have expected, my ability to remain relentlessly cheery lasted about a week. Not that I’m going full-on depressing again, but today’s piece is a downer.

Remember last year’s Jeep security fiasco? The one where a couple of researchers found a way to use cellphones to take over any Cherokee and drive it remotely?

Alison Chaiken used that story as an example of how the automotive industry is heading in the wrong direction when it comes to security. Linux Weekly News has a good writeup of her presentation, but unfortunately, it’s “subscribers only”*. The slide deck is here, albeit without a lot of useful context.

* LWN does allow linking of subscribers only articles, but for economic reasons asks that such links not be made publicly-available. If you want to read this piece, drop me an e-mail and I’ll see what I can do.

The gist is that not only are automakers emphasizing “gosh-wow” features over security, but regulators are focusing on the wrong things. The result is that nobody is paying attention to serious questions of privacy and security.

For example, Ms. Chaiken notes that the US National Highway Traffic Safety Administration requires that infotainment* systems that have a rear-view camera must boot within two seconds. That number was, she says, chosen arbitrarily and proved extremely difficult to attain. Allowing three seconds would have saved “countless hours and costs” that could have been used better elsewhere.

* Can we agree that, the word “infotainment” is at least as obnoxious as “phablet”? But that it’s equally well-embedded in the vernacular and unlikely to go away? If we can agree, I’ll spare you the five hundred word rant I trimmed from the first draft of this post.

More critically, where regulations are being made with an eye towards safety, regulators aren’t giving sufficient thought to privacy. Ms. Chaiken cites rules covering what data must be recorded by “black boxes” for analysis of accidents. The rules don’t prevent using the same information for other purposes, so consumers have been denied warranty coverage (and, I believe, insurance coverage) based on non-accident-related information captured by the black boxes in their cars.

In cases where regulations haven’t been made yet, manufacturers aren’t considering privacy either. The push in infotainment systems is to provide access to more and more different services. Some of those services will inevitably require user information–hell, some of them already do: Pandora, for example, needs to know who you are so it can offer your customized stations. Sooner or later, some apps will store un- or lightly-encrypted passwords, GPS presets and trip data, credit card numbers, and other NPI. What happens when your infotainment system is stolen? For that matter, what happens when you sell your car? As far as I can tell, none of the systems offer a way to securely wipe the storage, even in cases where they allow some form of “reset to defaults”.

Fun times ahead.

That said, as Ms. Chaiken points out, there are positive signs. Publication of the Jeep Cherokee issue and other automotive security failures are forcing manufacturers to design more secure systems. (Although it should be noted that the DMCA makes it risky for security researchers to study automotive electronics.)

The California Department of Transportation is currently writing rules to cover self-driving vehicles. There’s a window in which they can be encouraged to build in privacy and security coverage. Of course, this is Caltrans we’re talking about… Keep your fingers crossed–and get involved. This is a great opportunity to drop a note to your state representative.