When answering, pretend you have access to robot and A.I. technology
that you expect will be available in 2 - 4 hundred years time (instead
of current primitive robot technology) and also refrain from saying
anything relating to having a robot do your mundane household chores
(like cooking and cleaning, which is great
and all, but that's what everyone tends nominating).
Jeeves.
--
wolf k.
Everything or Nothing, depending on how nice they were about their
domination of humanity.
That's something of a weird question to ask because if we assume that
in 200 to 400 years we have near or superior to human AI, then
assuming that a normal person could build or own one (because they are
cheap enough to manufacture in numbers, rather than being the
exclusive property of the rich, who already have plenty of servants)
then very, very quickly humans would do nothing aside from what they
felt like doing if the robots were kind masters and only whatever the
robots allowed us to do if they are not as kind. (Because, if humanity
allowed the robots to do everything for them for a few decades then
what happens when they suddenly tell you no.)
Now if we limit ourselves to the near term (less than 100 years) where
robots might be smart enough to carry out tasks unsupervised, but
nowhere near human intelligence, then we would have robots do exactly
what you told us not to say. They would do the stuff we don't want to
do, like mundane household chores, dirty or dangerous jobs, and all
those mind numbingly boring repetitive tasks. Pretty much the kinds of
things we have them do now. Unless you are Japanese then you'd want to
knock boots. (I'm joking, the Japanese are on the forefront in that
avenue of research, but the rest of the men in the world would jump on
the band wagon quickly enough. Most men are inherently lazy (I know I
am) and women make us work too hard.)
That's an excellent question! I wish more people would ask it of
themselves, before building ANYTHING. I see a lot of posts from
people that want to build a robot "just because", with no idea what to
have it do. That's no way to design ANY product.
First, figure out what you want to get done, then figure out how to do
it - not the other way around. The solution might or might not
involve a robot (or more than one, even?). Mundane chores are exactly
the sort of things that might be suited to robotics/automation. Look
at some real-world examples, such as welding, painting, assembly,
etc. Instead of something that looks like it came out of "The
Jetsons", think in terms of single, simple tasks that need to be done
but can be "delegated".
JM
>When answering, pretend you have access to robot and A.I. technology
>that you expect will be available in 2 - 4 hundred years time (instead
>of current primitive robot technology) and also refrain from saying
>anything relating to having a robot do your mundane household chores
>(like cooking and cleaning, which is great
>and all, but that's what everyone tends nominating).
I 4 hundred years time, they will be saying that AI is just
around the corner - all we need is more memory and faster
processor speeds :(
> That's an excellent question! I wish more people would ask it of
> themselves, before building ANYTHING. I see a lot of posts from
> people that want to build a robot "just because", with no idea what to
> have it do. That's no way to design ANY product.
Ah, you mean like the way we built the International Space Station?
They started design work on it in 1984, but there was never a clearly
stated goal or what it was supposed to do or support.
OK, leaving *aside* the household chores as a given, because
that's what I would chiefly need, I want a good enough AI to be
able to reshelve books in their proper places, according to my
half-based system which is neither Dewey Decimal nor LoC.
Dorothy J. Heydt
Vallejo, California
djh...@kithrup.com
Except ISS is not a "product". Who the hell would *buy* it?
> If you could either have and / or make a robot for yourself, what
> would you most want it to do for you
Make me incredibly wealthy.
> and what would you call it ?
Fred.
-- wds
The reason being that, in fifty years, after the AI's got much smarter
than humans and took over the world, they kindly set all of us up in a
very convincing virtual reality in which they hadn't.
--
http://www.daviddfriedman.com/ http://daviddfriedman.blogspot.com/
Author of
_Future Imperfect: Technology and Freedom in an Uncertain World_,
Cambridge University Press.
>In article <52a16d9e-5add-4f20...@x16g2000prn.googlegroups.com>,
>Sab <sab...@hotmail.com> said:
>> If you could either have and / or make a robot for yourself, what
>> would you most want it to do for you
>Make me incredibly wealthy.
You might want to add a coda about doing so through means which
are legal. Possibly also to confine itself to methods which don't
require sitcom or romantic comedy-style behaviors on your part.
>> and what would you call it ?
>Fred.
You knew the bot was dangerous when you took it.
--
Joseph Nebus
------------------------------------------------------------------------------
I remember a former NASA engineer making the claim that the Shuttle's
primary mission now is to fly supplies and crew to the ISS, and ISS's
is to give the shuttle someplace to fly to.
Yeah, but think of all that valuable experience we're getting in
space. :- )
I don't know anything about this robot. One thing I would want to
know before having it do stuff for me is if it is sentient and/or
sapient. If so, I wouldn't want it to be my slave.
In general, I would want robots to do things that humans are not
suited for, such as being the first wave of explorers of the universe.
Another thing I would like is it to be my patient teacher, or
physician.
>Most men are inherently lazy (I know I
>am) and women make us work too hard.)
But there are lots of wealthy men who work very hard at their vocation
oar avocation.
Well loooking around, I need a robot that can sort wash (and read
labels to check for special handling directions), do all the wash,
fold it AND put it away. It's the one set of chores I can never seem
to catch up with.
I'll have to do some real pondering here and get back with you.
Why are we assuming that sufficient AI technology won't be available
for two hundred years here? Not may Singularitarians on these forums,
eh?
P.S. - I'm new to Usenet, so be gentle. :-/
many*
Is this some reference to Olympic rowers?
> First, figure out what you want to get done, then figure out how to do
> it - not the other way around. The solution might or might not
> involve a robot (or more than one, even?). Mundane chores are exactly
> the sort of things that might be suited to robotics/automation.
The thing is though, a large VARIETY of mundane chores all have in
common that they can be performed by a human being. Which mean, in
principle, they could be performed by a machine with roughly human
physical abilities.
A different design may be superior for a single task, or a narrow
selection of tasks, but it'll be less general, so you run into a risk of
needing MANY robots. Which may or may not be a win.
A dishwasher is probably a better design than a human for washing dishes
-- but it can't take the plates from the table, nor can it return the
finished clean plates to the cupboard.
I'd want a machine to tidy up the kids toys. To clean the windows and
floors. To do the dishes, wash and iron clothes. To mow the lawn and
shop groceries. A human being can do all of these without a problem. A
machine that is much better for one of these tasks is probably much
worse for others.
But you're right, it's more realistic to instead of building machines
that do stuff like human do, to build machines that do it differently,
and adopt surroundings to that.
A washing-machine could do more if there was a pipe down from the
bathroom where you could toss in dirty clothes, and it knew itself how
to sort them by color, select the apropriate detergent and program
according to how dirty the clothes are, transfer the washed clothes to
the dryer etc. Ironing and getting the clean clothes back where they
belong is a sligthly tricker problem. But even a reduction to: "Toss
dirty stuff in here, fetch clean dry stuff in the basement when the
machine says it's got a load done" would be a significant improvement
over today.
Eivind
And apparently few Global Brainists, either.
Why in the heck would we waste our time building more
moral agents? We already have too many of those and
utilizing those resources already leads to compromises
in one's own morals. I want a productive resource I can
feel moral about utilizing for personal gain. My capital
goods should make my life easier without affecting my
mental life around periphery concerns.
> In general, I would want robots to do things that humans are not
> suited for, such as being the first wave of explorers of the universe.
I want them doing things humans don't want to do.
> Another thing I would like is it to be my patient teacher, or
> physician.
Heck, I'd like my physician network to be nanorobots
working inside me and communicating to deidentified
national databases. I don't want to know what they are
doing to keep me healthy and I don't want to have them
giving me gratuitous judgements about my activites or
way of life.
How about a battle bot? Except instead of being remote controlled, it
goes by itself. They could have giant arenas where these bots could
duke it out with or without projectile weapons.
I'd name it Wall-E, just for irony's sake.
>> I don't know anything about this robot. One thing I would want to
>> know before having it do stuff for me is if it is sentient and/or
>> sapient. If so, I wouldn't want it to be my slave.
>
>Why in the heck would we waste our time building more
>moral agents? We already have too many of those and
>utilizing those resources already leads to compromises
>in one's own morals. I want a productive resource I can
>feel moral about utilizing for personal gain. My capital
>goods should make my life easier without affecting my
>mental life around periphery concerns.
I figure this thread isn't about the robots we will continue to have -
but the robots of SF that are at least humanoid.
Well, doesn't that really matter ar all.. Since people with brains
invented kid toys
for science stooges with ironing boards and dishwashers
And robots, lasers, masers, CD, DVD+rw, micocomputers, word
processors, holograms,
blogs, Ebooks, GPS, USB, HDTV, fiber optics, broadband, post AT&T
magnets, and drones
for people with brains.
Design and build more robots for me.
The first wish should always be used to get more wishes!
> and what would you call it ?
Bob.
--
Curt Welch http://CurtWelch.Com/
cu...@kcwc.com http://NewsReader.Com/
(snip)
> That's an excellent question! I wish more people would ask it of
> themselves, before building ANYTHING. I see a lot of posts from
> people that want to build a robot "just because", with no idea what to
> have it do. That's no way to design ANY product.
>
> First, figure out what you want to get done, then figure out how to do
> it - not the other way around.
It's funny, because about the time I started thinking that way, I
stopped doing anything really interesting or creative. When I was a
kid, I didn't think about practical, only about 'cool'. I was
motivated then, and somehow found time to do all kinds of stuff. For
the last 15 years or so, I've killed off any interesting projects that
popped into my head by subjecting each one to questions like "has
anyone else ever done this?" and "how can this make money?"
I finally decided to just do whatever sounds cool (including building
a robot just for the experience of doing it). If it turns into a
profitable thing at some point, great. If it doesn't, at least I had
fun and did something, instead of sitting around shooting down my own
impractical ideas.
Just my $0.02
Mr. INTJ
San Diego, CA
I'd want a personal secretary. You might not need a robot body for
this at all, but I'd like something that can remind me about upcoming
appointments, dynamically adjust my schedule, take care of little side
tasks (e.g. "re-schedule my flight for next Wednesday", "Get me two
tickets for the concert"), etc.
Imagine how much more productive you could be if you were in voice
contact with your personal secretary while you were walking around.
Mike Donovan
Mike Donovan
That's a great observation. I think it holds true in my life as well.
Recently I've been considering doing exactly what you describe, after
reading The Power of Now. Have any of you guys read that?
mark
> Right now, they are working on the reusable rocket that is meant to
> replace the space shuttle. They are also working on one to take us
> back to the moon. They plan to use the ISS to do more extensive
> studies on the long term effects of humans living in space.
<snip>
a) no, they're working on an expendable.
b) they can't seem to manage to rebuild, oh, a Saturn.
c) Part of the problem is that the guys for whom "failure was not an option"
have mostly retired, and been replaced by the worst of what libertarians
picture as "government service types"... and I get that from my wife, who
was an engineer at KSC for 17 years....
mark
Or much more mundane; A car-like vehicle that is capable of safely
driving independently to any known address.
It would be immensely useful, and isn't TOO far off from what we can do
today.
1) Parking-problems become much easier if you can step out of the car
and tell it to go park itself somewhere in the neighbourhood.
2) Arriving by train or plane or whatever is more convenient if you can
send the car an SMS or something and tell it to come pick you up.
3) Delivering kids to wherever is less of a chore if you can tell the
vehicle to do it independently.
4) If the computer can drive as well as you can, it'd probably be safer
than you are because it's immune to many of the problems that make
humans unsafe drivers sometimes. (for example the car could safely drive
you home even if you had a few drinks)
5) It's free up lots of time. Better to spend the half-hour on the way
to work for reading the newspaper or this mornings email, rather than
for driving.
6) It'd make cabs cheaper (no need for a human driver) and probably safer.
Eivind
>Or much more mundane; A car-like vehicle that is capable of safely
>driving independently to any known address.
Or home entertainment systems that knew what I want to listen to or
watch.
Or phones that are as smart as a receptionist - knowing when to
interrupt me, when to wait for me to be done with a meeting, etc.
> 6) It'd make cabs cheaper (no need for a human driver) and probably safer.
True, nobody can drive safer than NYC cabbies.
In 4 hundred years it will be complerely different.
Since by then, some of the idiot-savants should have realized
that processor speeds have more to do with rain than consciousness,
and chip memory is just what AT&T uses to reduce manpower,
so it's a little difficult ot see what it has to do with either
machines or consciouness.
We could do that 50 years ago. but the problem as most popular
mechanics
cranks also have been told for 50 years is the *FCC*, not the
*CARS*.
Which is one of major driving forces behind the development of
digital electronics,
digital computers, microcomputers, optical computers, Holograms,
fiber optcs,
Ebooks, parallel procressors, GPS, Satcomm, MP3. CD, DVD. post
Neanderthal robotics,
Laser Printers, Blogs,, On-Line Publishing, Java, XML, Cell
Phones, and USB.
To be on any place on the world or elsewhere just by logging in. When
logged in to the robot I would like to have several tools to do things,
like digging, flying etc.
The robot should compensate any time-problem by anticipating on events
in realtime, that I cannot forsee at the other side of the world, or on
the moon, mars etc. F.i. save driving, diving and flying should be possible.
Furthermore should the robot be able to make sure it will function under
any circumstances and have enough fuel etc. So i don't have to think
about that.
If I gain absolute freedom to be anywhere at any time on any place, I
would be sattisfied.
Ooh! Just imagine downtown Manhattan with 90% of the cars on the roads
being empty vehicles vainly searching for places to park themselves!
People eventually give up, but a robot car could circle all day until
you sent it a pick-me-up-now message. It's the one thing that would
finally cause the city to ban all private vehicles.
Jim Deutch
--
"This new fad of brides' getting their attendants to have pre-wedding
boob jobs is, imo, a huge bust." [Ozzie Maland]
Imagine downtown Manhattan with 90% of the cars being driverless taxis,
which cost less to use than driving your own car since they don't have to
pay a driver and maintenance costs are shared among all users.
If driverless cars ever become practical, it seems to me that in large
cities you'd see very little private ownership of them, and a lot of
really cheap taxi services using them.
--
Mike Ash
Radio Free Earth
Broadcasting from our climate-controlled studios deep inside the Moon
>> 1) Parking-problems become much easier if you can step out of the car
>> and tell it to go park itself somewhere in the neighbourhood.
>
> Ooh! Just imagine downtown Manhattan with 90% of the cars on the roads
> being empty vehicles vainly searching for places to park themselves!
That makes no sense. Drivers circle an area looking for parking because
that is where they want to go. In most cases parking is a complete
non-problem if you're happy parking a mile or two away. Human drivers
sometimes aren't because that would force them to WALK for a mile or two.
The problem with parking is that everyone wants to park in the same spot
at the same time, that spot being some central location that a lot of
people are going to.
Take an airport for example.
Parking for a week at Sola airport costs $150. Which is completely
ridicolous for renting 10 square meters of asphalt for a week. The
prices are so ridicolous because parking-spaces within short
walking-distance of the terminal-building are in short supply.
There is plenty of parking, even plenty of FREE parking 5 minutes drive
from the airport. Hell, at those prices you'd be better off telling your
car to go home and park itself in the garage.
Eivind
Am I a good straight man, or what.
Jim Deutch (JimboCat)
--
"But the fact that some geniuses were laughed at does not imply that
all who are laughed at are geniuses. They laughed at Columbus, they
laughed at Fulton, they laughed at the Wright Brothers. But they also
laughed at Bozo the Clown." - Carl Sagan
Is that _secure_ free parking? That's what one is paying for if one
is parking in the airport car park lots - at least the illusion of
security for one's vehicle while one is away - and the knowledge that
it should still be there when one returns.
--
Jette Goldie
je...@blueyonder.co.uk
http://www.jette.pwp.blueyonder.co.uk/
http://wolfette.livejournal.com/
("reply to" is spamblocked - use the email addy in sig)
That's exactly what we would do instead of paying for parking at an airport
for a week. When you come home, you just call up your car ahead of time
and tell it when to be in the area ready for pick up.
But for a crowded city like Manhattan, I bet he was right about what would
happen. As long as the price of driving in circles is far less than the
price of parking for a few hours, everyone would have the cars drive in
circles, in effect, using the public streets as a form of free parking.
The smart cars would even find an illegal spot to pull over (like a drive
way, or in front a fire hydrant), and stop for a while to save money until
someone made them move. These smart cars would be worse than a swarm of
insects that shop owners would constantly have to be shooing them away.
For that matter, what if a company needed a bit of extra short term mobile
storage. Construction workers or service companies would put their shop
and supplies in a large truck (or a fleet of small trucks) and just have it
drive around the block while you worked. When you needed something else
off the truck, you just call it to swing by for another stop. The fleet of
trucks could even service multiple job sites in the same area at the same
time.
Hey, and if you think rent in Manhattan is high, just live in your smart
car and have it drive you around all night while you sleep. It would stop
if it could find a place, but it would also just keep moving if it had to.
Any why live in a small smart car when you live in a 100 ft super truck
smart car instead of paying the million dollar rent a place that size would
cost.
But the net result I suspect is that the city streets would become
unlimited free parking and storage and living space and the city would be
forced to resolve it. I suspect, the easily solution is to force all cars
to include GPS tracking and toll systems so you would get charged for every
mile you car spent on the street (at a rate which was proportional to the
size of your car or truck). At that point, the city streets become not
just another tax liability, but an actual revenue source for the city.
Most people probably wouldn't be able to justify having their own cars
again because the cost of having the car get itself out out of the city
after dropping you off would simply be too much of a waste of money.
Everyone would use the cabs or smart public transit systems (which reduce
the cost further by increased street sharing).
As cars get smart like this, I bet all public streets would get excessively
abused, and the net effect is that mileage based tolls by GPS tracking
would become the norm across the world. And that's probably a very good
thing because the true cost of building and maintaining the roads would be
directly charged to what they were being used for. The government would
always have the revenew stream needed to pay for the maintenance and the
construction of new roads and there would be far less traffic congestion
because the tolls would be adjusted per time of day as well to give people
real motivation to either adjust their habits or pay for the true cost of
the road they were using instead of the nasty indirect system that happens
today which uses the "long line" system of cost regulation.
Thinking, some more, a few other ideas about how things would change with
smart cars came to mind.
First off, smart cars would in short order not only become safer than human
drives, they would be ultra safe compared to human drivers, and it seems to
me this would lead to greatly increased speed limits. (I guess this idea
already showed up in the last I-Robot movie now that I think about it).
200 MPH transportation on public roads would probably become common.
The other idea I was thinking is that current expressways are very
expensive to build but a lot of that cost goes into safety systems like
lots of land in the median and sides of the roads to reduce the odds of
serious harm when someone falls asleep at the wheel. And guard rails, and
large merge areas. If smart cars were not only very good drivers by human
standards, but also included lots of shared information so they each knew
what the other was trying to do (more information than just blinkers - like
"I'm trying to get over to the fast lane", or "I need to exit now my tire
is failing - clear a path for me"), they could probably make far better use
of the roads by packing themselves very close together while still
traveling very fast, while at the same time, not needing as much of the
safety systems we currently include on the roads - saving money in two
ways.
For example, if the cars were very smart about lanes that could change
direction at different points in time, you might be able to build a freeway
which simply had one road bed with lots of lanes on it and no median and no
guard rails and no shoulder lanes. A road today might be 2 traffic lanes in
each direction, and four shoulder lanes, and a large grass median in the
middle as well as on either side. With smart cars that communicated with
each other and communicated with a road control system, that same amount of
land could support something like 12 lanes of traffic instead in a single
road bed instead of the 4 is it used for now. And those lanes could auto
reconfigure per traffic load and per demand. So in the morning it's 8
lanes one way and 3 the other with a safety lane between traffic used only
for emergencies. In the evenings, the lanes reverse. When a car breaks
down, and can't exit, the road transmits the fact to all the cars and the
lane it's in just shuts down until a smart tow truck comes and gets it off
the road.
The net effect should far cheaper, and safer roads which waste far less
good land.
The more I think about this, the more I think there's a lot of potential
reasons to invest a lot of money to make these smart cars and smart roads
happen as soon as possible.
> Take an airport for example.
>
> Parking for a week at Sola airport costs $150. Which is completely
> ridicolous for renting 10 square meters of asphalt for a week. The
> prices are so ridicolous because parking-spaces within short
> walking-distance of the terminal-building are in short supply.
Well, markets work. They charge that much because that's what people
are willing to pay for the convenience of not having to walk a long way.
If the price were truly ridiculous, then no one would be willing to
pay it.
--
Erik Max Francis && m...@alcyone.com && http://www.alcyone.com/max/
San Jose, CA, USA && 37 18 N 121 57 W && AIM, Y!M erikmaxfrancis
You are the lovers rock / The rock that I cling to
-- Sade
: Erik Max Francis <m...@alcyone.com>
: Well, markets work. They charge that much because that's what people
: are willing to pay for the convenience of not having to walk a long
: way. If the price were truly ridiculous, then no one would be willing
: to pay it.
And likely, anybody who didn't want to pay it could pay 40 bucks
for two taxi rides.
Wayne Throop thr...@sheol.org http://sheol.org/throopw
Well no, you're paying for *close* parking. The fact that it's also secure
is really just a given from the fact that you're paying for parking at
all. But witness the difference in rates between an airport parking lot
which can be secure simply by virtue of the fact that it's in the middle
of nowhere, and a downtown lot where security actually takes some effort.
The airport lot will be several times more expensive despite the fact that
it costs nearly nothing to secure it.
Hmmm - airport "long stay" (anything over a day or so) car parks in
the UK aren't always particularly *close* to the airport - but they
are supposed to be secure - with guards, CCTV, etc. They're usually
several miles from the airport - you arrive, check your car in, leave
your car keys and a copy of your flight numbers and itinerary, pick up
a receipt and are shuttled to the airport in the company official
buses, which have been security checked so that they can get inside
the security cordon. When you get back from your trip, you get
another shuttle bus back to the car park reception, where your car is
waiting for you (once you have shown them your receipt). Some of
these secure parking facilities also include the option to have the
car cleaned and valeted while you're away.
But these long-term lots are still much *closer* than the non-airport
alternatives, especially if you measure time for a car-less traveler
rather than straight-line distance.
To show that distance is what counts, set up a cut-rate secure car lot in
a place where you can get really cheap land, somewhere far away from the
airport. See how many airport-bound travelers park their cars in your lot.
Now repeat the experiment with an insecure lot that's right next to the
airport.
You'll get roughly zero airport travelers in your first lot, but quite a
few in your second one.
--
David G. Bell -- SF Fan, Filker, and Punslinger.
On the horizon, a carrier task force of the Salvation Navy was
turning into the wind, preparing to launch Zeppelins.
Yet another driverless-car megathread! Must be September again.
mawa
--
http://www.prellblog.de
>> Parking for a week at Sola airport costs $150. Which is completely
>> ridicolous for renting 10 square meters of asphalt for a week. The
>> prices are so ridicolous because parking-spaces within short
>> walking-distance of the terminal-building are in short supply.
>> There is plenty of parking, even plenty of FREE parking 5 minutes drive
>> from the airport.
> Is that _secure_ free parking?
The airport is not particularily secure. It's got a gate, but that is
only to ensure that you pay your parking-bill before leaving.
It's certainly significantly less secure than having my car park in my
own locked garage at home. Not that it matters, I've got insurance
against cartheft anyway and it's a ridicolously small risk around here
anyway.
Eivind
>> Parking for a week at Sola airport costs $150. Which is completely
>> ridicolous for renting 10 square meters of asphalt for a week. The
>> prices are so ridicolous because parking-spaces within short
>> walking-distance of the terminal-building are in short supply.
> Well, markets work. They charge that much because that's what people
> are willing to pay for the convenience of not having to walk a long way.
True enough. But markets also work so that when one company has a
MONOPOLY on a desired resource, prices are frequently significantly
higher than justified.
There can be no real competition on the airport-parking scene. The
airport OWNS all the land that is in walking-distance from the terminal,
so no good there. You could put up parking a mile or two away and set up
shuttle-buses, but that would give you higher operating-expenses, plus
the airport has that angle covered already: They charge a fee to let
buses enter the airport to pick up passengers. If they dislike your
competition they'll simply RAISE that fee until you're no longer profitable.
Eivind
Perhaps, but they can also raise it high enough that people go to
alternatives that the airport has little control over, such as taking
taxis or getting a friend to drive you. As has been pointed out, the
quoted figures we're talking about are already much higher than a
typical cost of a round-trip cab there and back (even with an airport
surcharge), and people are still clearly willing to pay it for the
convenience. You might not pay it, and I wouldn't pay it, but obviously
some would, so it's really not that ridiculous in an economic sense.
--
Erik Max Francis && m...@alcyone.com && http://www.alcyone.com/max/
San Jose, CA, USA && 37 18 N 121 57 W && AIM, Y!M erikmaxfrancis
Woman was God's _second_ mistake.
-- Friedrich Nietzsche
> That's exactly what we would do instead of paying for parking at an airport
> for a week. When you come home, you just call up your car ahead of time
> and tell it when to be in the area ready for pick up.
For example. If the parking-space is "home" or "some nearby place with
cheap parking" is a detail though.
> But for a crowded city like Manhattan, I bet he was right about what would
> happen. As long as the price of driving in circles is far less than the
> price of parking for a few hours, everyone would have the cars drive in
> circles, in effect, using the public streets as a form of free parking.
But it's not free. Not even close. Most cars drink atleast a gallon an
hour, even when slowly cruising, more if it's a big car or if it's hilly
or if there's a lot of stop-and-go.
That's like $3.50 rigth there, and in most of the world it's double
that, $7/hour. Which assumes zero wear on the vehicle. That's
unrealistic. In short, circling certainly costs $5/hour even in the USA,
in Europe it generally costs $10/hour upwards.
There's few places where parking costs more than $10/hour, particularily
in bulk. In other words, I find it unplausible that you'd be better off
circling trough an entire workday (8-9 hours) rather than say drive 30
minutes out of town, pay for 8 hours of parking, driving for 30 minutes
back into town.
Your cruising-supertruck-living-space thing would certainly drink even
more; even at $10/hour that still works out to $7200/month, there are
very few places where living in a truck for $7200/month (plus other
expenses) is a good deal.
There may be a FEW places where that isn't the case. I think you're
rigth those places will need to charge for the use of city-streets some
way or other. Hell, some of them already ARE.
> Most people probably wouldn't be able to justify having their own cars
> again because the cost of having the car get itself out out of the city
> after dropping you off would simply be too much of a waste of money.
I don't see the logic of this. Most people won't be able to justify it,
because the streets are so expensive because people have cars that
constantly circle ? That's circular.
Maintaining streets is expensive, but that is true today too. It only
gets more expensive if people drive MORE -- which they won't if they
don't even have a car, or if driving more costs more than today.
Cabs -would- get more popular if cheaper. Possibly your car could even
work daytime-duties as a cab while you're at work, any earnings beyond
the wear and gasoline and operating-expenses is a win, afterall.
> As cars get smart like this, I bet all public streets would get excessively
> abused, and the net effect is that mileage based tolls by GPS tracking
> would become the norm across the world.
You don't really need GPS to toll based on mileage. A physically secure
mile-counter is sufficient. In Norway we already pay road-taxes based on
CO2-emissions/km of our vehicles. It's not a stretch to make the tax
dependant upon kilometres driven too. And as you say, it can be argued
it is "fair" -- someone driving a lot DOES consume a limited public
resource. Extra tolls for congested areas (and/or times) is already in
existence.
> large merge areas. If smart cars were not only very good drivers by human
> standards, but also included lots of shared information so they each knew
> what the other was trying to do (more information than just blinkers - like
> "I'm trying to get over to the fast lane", or "I need to exit now my tire
> is failing - clear a path for me"), they could probably make far better use
> of the roads by packing themselves very close together while still
> traveling very fast,
I saw a sci-fi flick once, forgotten the title, where vehicles like this
did full-speed intersections; by "simply" planning their paths ahead of
time so that two vehicles where never at the same spot at the same time.
Looked scary, two lanes crossing eachothers at 100 mph, each vehicle
passing perfectly trough an opening between two cars in the other lane.
> The more I think about this, the more I think there's a lot of potential
> reasons to invest a lot of money to make these smart cars and smart roads
> happen as soon as possible.
It's not -that- much blue sky either. We're not there yet, but we're
close enough that most parts of the problem seem tractable, even if
theres a monumental engineering-challenge to solve.
Eivind
>> There can be no real competition on the airport-parking scene. The
>> airport OWNS all the land that is in walking-distance from the terminal,
>> so no good there. You could put up parking a mile or two away and set up
>> shuttle-buses, but that would give you higher operating-expenses, plus
>> the airport has that angle covered already: They charge a fee to let
>> buses enter the airport to pick up passengers.
> Perhaps, but they can also raise it high enough that people go to
> alternatives that the airport has little control over, such as taking
> taxis or getting a friend to drive you.
Assuming they let cabs enter the airport-grounds and pick-up or deliver
passengers for free. Offcourse they do not. Cabs also need to pay a fee
to the airport for the "priviledge" of delivering and/or fetching
passengers.
Private cars -can- drop people off, or pick them up, at no charge, I
strongly suspect that is only so because to do otherwise would risk
public outrage.
Anyway we're quibbling over a detail. I don't think you actually
disagree with my premise; which is that parking becomes more manageable
if driverless cars make it comfortable to pay anywhere in short
DRIVING-distance around the target instead of anywhere in
WALKING-distance. Airports charging monopoly-rents is just one example.
Eivind
>>> Parking for a week at Sola airport costs $150. Which is completely
>>> ridicolous for renting 10 square meters of asphalt for a week. The
>>> prices are so ridicolous because parking-spaces within short
>>> walking-distance of the terminal-building are in short supply.
>
>> Well, markets work. They charge that much because that's what people
>> are willing to pay for the convenience of not having to walk a long way.
>There can be no real competition on the airport-parking scene. The
>airport OWNS all the land that is in walking-distance from the terminal,
>so no good there. You could put up parking a mile or two away and set up
>shuttle-buses,
As multiple firms have done.
> but that would give you higher operating-expenses, plus
>the airport has that angle covered already: They charge a fee to let
>buses enter the airport to pick up passengers. If they dislike your
>competition they'll simply RAISE that fee until you're no longer profitable.
The Minneapolis-St. Paul International Airport has a designated area for
parking shuttles to load and unload passengers. There are multiple signs
in the terminal leading telling how to get to that area.
I've been using the off-site facilities since 1992, for the following
reasons:
1. It's about two dollars per day cheaper than parking at the airport.
2. The off-site places have people in their lots who direct you to the
nearest open spot. This is unlike the ramp at the airport, where you
need to search and search. This means that it's *faster* to park there
and take the shuttle than to park at the airport.
3. The shuttle driver gives you a slip that tells which spot your car
is parked in, which you hand to a different driver when you return.
This means that you don't need to spend time upon your return trying
to remember where you parked. This is particularly important after
a long flight or an extended absence.
Your theory about why this wouldn't work is trumped by the observed fact
that these private, off-site lots are usually filled to about 90% of
capacity.
--
Michael F. Stemper
#include <Standard_Disclaimer>
COFFEE.SYS not found. Abort, Retry, Fail?
--
"In no part of the constitution is more wisdom to be found,
than in the clause which confides the question of war or peace
to the legislature, and not to the executive department."
- James Madison
Since wheeled luggage is commonplace, I think plenty of people would
be willing to walk a mile or two from an airport, at least in good
weather. A half-hour walk feels good after spending hours sitting
in a cramped airplane seat. And if parking at the airport cost $150
and at the other lot was free, that half hour walk is equivalent to
earning $300 per hour, excellent wages.
--
Keith F. Lynch - http://keithlynch.net/
Please see http://keithlynch.net/email.html before emailing me.
> Eivind <eivin...@gmail.com> wrote:
> > There can be no real competition on the airport-parking scene.
> > The airport OWNS all the land that is in walking-distance from the
> > terminal, so no good there. You could put up parking a mile or
> > two away and set up shuttle-buses, but that would give you higher
> > operating-expenses, plus the airport has that angle covered already:
> > They charge a fee to let buses enter the airport to pick up
> > passengers. If they dislike your competition they'll simply RAISE
> > that fee until you're no longer profitable.
>
> Since wheeled luggage is commonplace, I think plenty of people would
> be willing to walk a mile or two from an airport, at least in good
> weather. A half-hour walk feels good after spending hours sitting
> in a cramped airplane seat. And if parking at the airport cost $150
> and at the other lot was free, that half hour walk is equivalent to
> earning $300 per hour, excellent wages.
In fact, it seems to be quite common for there to be private parking
lots within a few miles of an airport, with their own shuttles. There's
one next to the San Jose airport that I've used.
--
http://www.daviddfriedman.com/ http://daviddfriedman.blogspot.com/
Author of
_Future Imperfect: Technology and Freedom in an Uncertain World_,
Cambridge University Press.
> Since wheeled luggage is commonplace, I think plenty of people would
> be willing to walk a mile or two from an airport, at least in good
> weather. A half-hour walk feels good after spending hours sitting
> in a cramped airplane seat. And if parking at the airport cost $150
> and at the other lot was free, that half hour walk is equivalent to
> earning $300 per hour, excellent wages.
This isn't very useful calculus, since it fails to take into account
opportunity cost.
--
Erik Max Francis && m...@alcyone.com && http://www.alcyone.com/max/
San Jose, CA, USA && 37 18 N 121 57 W && AIM, Y!M erikmaxfrancis
Triumph cannot help but be cruel.
-- Jose Ortega y Gasset, 1925
> Keith F. Lynch wrote:
>
>> Since wheeled luggage is commonplace, I think plenty of people
>> would be willing to walk a mile or two from an airport, at least
>> in good weather. A half-hour walk feels good after spending
>> hours sitting in a cramped airplane seat. And if parking at the
>> airport cost $150 and at the other lot was free, that half hour
>> walk is equivalent to earning $300 per hour, excellent wages.
>
> This isn't very useful calculus, since it fails to take into
> account opportunity cost.
And the plenty of people who aren't really up for a good mile-or-two
stroll despite also not being so decrepit as to qualify for handicap
parking. (Like me, until my goddamn left Achilles tendon decides to
either (a) return to normal functionality or (b) die completely.)
-- wds
I'd want a robot that was capable of self-replication. With near-term
technology it'd be rather large, but you're allowing for quite a lot of
technological advancement so in this case it wouldn't need to be. Maybe
even something as flexible as Stargate's Replicators.
With such a system it would be straightforward to industrialize the
whole solar system. As much habitat as we want, as much energy as we
want, whatever megastructures suit our fancy. And, presumably, they
could vacuum and clean the dishes as well. Just make sure to program
them better than the typical SF robot-run-amuck.
> and what would you call it ?
If it's something as modular as the Replicators it probably wouldn't
make sense to give names to particular conglomerations, since they'd
form and disperse as needed.
>
> I'd want a robot that was capable of self-replication. With near-term
> technology it'd be rather large, but you're allowing for quite a lot of
> technological advancement so in this case it wouldn't need to be. Maybe
> even something as flexible as Stargate's Replicators.
>
> With such a system it would be straightforward to industrialize the
> whole solar system. As much habitat as we want, as much energy as we
> want, whatever megastructures suit our fancy. And, presumably, they
> could vacuum and clean the dishes as well. Just make sure to program
> them better than the typical SF robot-run-amuck.
Ah, there's the rub. Being without such a limitation would be a survival
advantage and once started could take over the entire system.
Which is why you program it well. Perhaps we can't make it
mathematically impossible for such a system to run amuck, but you can
make it arbitrarily unlikely. Add as many bits of error-correction to
the genome as you like, and if one family of robots does run amuck have
the billions of other loyal robots that replicated correctly help to
destroy it. That'll turn such mutations into a serious survival
_dis_advantage.
We've managed to keep many other species of self-replicating organisms
domesticated without any of them rising up in revolt yet, I don't see
any reason why robots would be different in principle.
No question about it. I would build my Geminoid.
http://www.wired.com/science/discoveries/news/2006/07/71426
I could refer you to the movie "Multiplicity" for the reasons, but the
Professor Ishigoro in the article I listed explains it nicely. He has
built an exact replica of himself so he does not always have to go
into work.
That is what I want.
Tom
Mostly by close watching. If a Scottish Collie is found to have killed a
sheep, all his or her get (all descendants) are killed. This has been
going on for many years.
Yup. And some supervision is probably going to be needed for responsible
husbandry of self-replicating machines, too. We'll have some major
advantages though. The machines will be designed by us initially, not
domesticated from existing species, so we won't have to worry about
dealing with undesirable 'wild' traits. The machines themselves can help
with their own supervision - for example the scenario I mentioned
earlier where loyal machines could be ordered to help destroy any
disloyal ones that crop up. Putting in lots of redundant kill switches
would help too. And so on.
The Jurassic Park scenario where life forms are seemingly directed by
some invisible hand to instantly take advantage of any chance at
'revolt', no matter how unlikely, is just fantasy. I see no fundamental
reason why we couldn't get along perfectly well with self-replicating
robot servants.
Then again, they don't have to revolt to take over.
Cats have been silently controlling us for thousands of years.
Robots will be taught to do the same.
Hoping that the local bureaucrats haven't redefined "neighbourhood" too
generously.
> 2) Arriving by train or plane or whatever is more convenient if you can
> send the car an SMS or something and tell it to come pick you up.
>
> 3) Delivering kids to wherever is less of a chore if you can tell the
> vehicle to do it independently.
>
...and the kids can't reprogram it. And I /can/. (Don't get me started
on video kid-locks!)
> 4) If the computer can drive as well as you can, it'd probably be safer
> than you are because it's immune to many of the problems that make
> humans unsafe drivers sometimes.
Replacing those idiosyncracies with those problems which can make
computers such a joy to work with. Machines have _rules_ not _judgement_.
(for example the car could safely drive
> you home even if you had a few drinks)
>
or you were medicated. Or it thought you were medicated. Or your clothes
have just come from the dry-cleaners and the vapours set off the
sensors. Or you failed a reaction test. Or your Beloved Government just
decided that everyone else was too stupid to be allowed to do this
dangerous activity. Let's not encourage Them, eh?
> 5) It's free up lots of time. Better to spend the half-hour on the way
> to work for reading the newspaper or this mornings email, rather than
> for driving.
>
Just use public transport.
> 6) It'd make cabs cheaper (no need for a human driver) and probably safer.
>
>
>
> Eivind
--jz (a bit of a curmudgeon today)
Creating a computer system which can only be accessed by certain
individuals is, while perhaps not completely a solved problem, pretty
close to one. The secret is not to use any "locks" or "codes" or any other
such nonsense, but to simply come straight out and put a strong password
on the thing, along with some sort of dongle or fob if you want. Just be
sure not to set your car's password to "12345". Instead use an epic
passpoem, detailing the life and works of seven mythical Norse heroes, and
you're all set.
[...]
>>> 3) Delivering kids to wherever is less of a chore if you can tell the
>>> vehicle to do it independently.
>>
>> ...and the kids can't reprogram it. And I /can/. (Don't get me started
>> on video kid-locks!)
>
> Creating a computer system which can only be accessed by certain
> individuals is, while perhaps not completely a solved problem, pretty
> close to one.
You're kidding, right? :-)
> The secret is not to use any "locks" or "codes" or any other such
> nonsense, but to simply come straight out and put a strong password
> on the thing, along with some sort of dongle or fob if you want. Just be
> sure not to set your car's password to "12345". Instead use an epic
> passpoem, detailing the life and works of seven mythical Norse heroes,
> and you're all set.
Right, because we all know passwords are good security. Not.
Leslie
--
Leszek 'Leslie' Karlik
> > We've managed to keep many other species of self-replicating organisms
> > domesticated without any of them rising up in revolt yet, I don't see
> > any reason why robots would be different in principle.
>
> Then again, they don't have to revolt to take over.
> Cats have been silently controlling us for thousands of years.
> Robots will be taught to do the same.
Probably (will be taught) by the cats. Then the cats will teach them
to open cat food packages and it's all over for domesticated humans.
Robot dogs. Definitely need some robot dogs.
<Baltar> Bad memories of very bad late 1970s TV space opera emerge. Urge to
unleash the Cylon hordes upon poster erupts. And the toasters, not the blonde
ones. </Baltar>
--
email to oshea dot j dot j at gmail dot com.
>> Robot dogs. Definitely need some robot dogs.
>
> <Baltar> Bad memories of very bad late 1970s TV space opera emerge. Urge to
> unleash the Cylon hordes upon poster erupts. And the toasters, not the blonde
> ones. </Baltar>
>
Soothe yourself with memories of K-9.
--
Sea Wasp
/^\
;;;
Live Journal: http://seawasp.livejournal.com
>>> Robot dogs. Definitely need some robot dogs.
>>
>> <Baltar> Bad memories of very bad late 1970s TV space opera emerge. Urge
to
>> unleash the Cylon hordes upon poster erupts. And the toasters, not the
blonde
>> ones. </Baltar>
>>
>
> Soothe yourself with memories of K-9.
Change but your mind on what you want to see,
And all the world must change accordingly. >
Or Sleeper.
Why would I be kidding?
If cost is no object, such a system can be created to any desired degree
of reliability.
Computer security failures are almost universally due to people not being
willing to bear the cost of better security, whether it be financial,
time, organizational, or mental. (And this is perfectly reasonable. Past a
certain point, better security ceases to be cost effective.)
I can't remember the last time that a system which was truly thought to be
secure and which was done properly was suddenly compromised by a new
attack, rather than by not actually doing things properly. Perhaps the
notion of distributed crypto key cracking which came to be in the late
90s.
At this point, it is known how to limit access to a computer system to
certain individuals to any desired degree of confidence. To the extent
that it is not done, it's because it's too expensive, not because
nobody knows how. This fits my idea of a "solved problem" pretty well.
>> The secret is not to use any "locks" or "codes" or any other such
>> nonsense, but to simply come straight out and put a strong password
>> on the thing, along with some sort of dongle or fob if you want. Just be
>> sure not to set your car's password to "12345". Instead use an epic
>> passpoem, detailing the life and works of seven mythical Norse heroes,
>> and you're all set.
>
> Right, because we all know passwords are good security. Not.
Passwords are bad security in aggregate but can be fine security
individually. In other words, they work badly for groups but great for
individuals.
The reason for this apparent contradiction is because, once again, people
don't want to pay the costs. In this case, the mental costs of good
password security.
Take a million cars, secure them with passwords, and give them out to
people. Probably over half of them will end up with weak, trivially
crackable passwords, like the letter "a", people's birthdays, etc. Any
attempt to enforce good passwords will result in countermeasures such as
people writing the password on a piece of paper that they keep in the car,
etc. No doubt you are familiar with all of this.
Now, take *my* car, and secure it with a password. I'll come up with a
good, strong password which is impractical to crack or guess. Now try to
gain access to the car without my permission.
Whether passwords are worthwhile depends entirely on what your goal is. If
your goal is for every single user to be secure, then yes, they are bad.
But if your goal is merely to allow motivated people to be secure if they
want to be, passwords do the job just fine. The job of keeping your kids
out of your stuff ought to fall into the second category.
> Eivind wrote:
>
>> (for example the car could safely drive
>> you home even if you had a few drinks)
>
> or you were medicated. Or it thought you were medicated. Or your
> clothes have just come from the dry-cleaners and the vapours set
> off the sensors. Or you failed a reaction test. Or your Beloved
> Government just decided that everyone else was too stupid to be
> allowed to do this dangerous activity. Let's not encourage Them,
> eh?
ObSF: By the 2070s the dictatorial Earth-and-Luna-ruling United
Nations in Daniel Keys Moran's "Tales of the Continuing Time" books
has outlawed manual-control of civilian (flying) cars. Except in
Los Angeles, where the residents won a court battle and were granted
an exemption on the grounds that driving themselves around was part
of their protected cultural heritage.
-- wds
> Now, take *my* car, and secure it with a password. I'll come up with a
> good, strong password which is impractical to crack or guess. Now try to
> gain access to the car without my permission.
One crowbar. Of course, you can THEN also have some of the stuff
they've put in the newer vehicles that makes it so that you need some
special transponder on you or the car can't be started (due to some kind
of computer embedded in the engine controls). But I've got access to
your car, no problem. (which is of course the flaw in all computer
security. You have humans and the physical world out there that can use
brute-force methods)
I don't generally even LOCK my car; there's almost never anything
inside worth the cost and time involved in repairing a break-in. Why the
hell I'd want one with a password lock on it, or a biometric, or any of
that crap, I don't know. I want my car to open, let me sit down, let me
start it up, and go, without any special hoops to jump through -- AND
without anything making it a pain in the ass for me to let my friend
borrow it for the night, or give it to my son later on, etc.
Except that in the context of the discussion, "access" referred to
computer access to be able to reprogram the car to take you somewhere
else, not simply gaining physical access to the interior.
And if you posit that you use your crowbar to physically reprogram the
computer, recall that we're discussing keeping the car restricted from
your kids, not from criminals in general. Your children are virtually
guaranteed to try to crack any computer system you put in their way, but
having them take a crowbar to your expensive machinery is usually not the
kind of problem that parents have to deal with.
> I don't generally even LOCK my car; there's almost never anything
> inside worth the cost and time involved in repairing a break-in. Why the
> hell I'd want one with a password lock on it, or a biometric, or any of
> that crap, I don't know. I want my car to open, let me sit down, let me
> start it up, and go, without any special hoops to jump through -- AND
> without anything making it a pain in the ass for me to let my friend
> borrow it for the night, or give it to my son later on, etc.
A good example of how going for the more secure solution isn't always the
smartest move overall, and of how people make different tradeoffs
depending on how they see the value and probability of various
consequences.
[...]
>>> Creating a computer system which can only be accessed by certain
>>> individuals is, while perhaps not completely a solved problem, pretty
>>> close to one.
>> You're kidding, right? :-)
> Why would I be kidding?
If you're not kidding, then you're either trolling or clueless.
> If cost is no object, such a system can be created to any desired degree
> of reliability.
It's not a matter of cost. It's a matter of complexity. Complex systems
have unexpected failure points. Complexity is the enemy of security. And
computers are inherently complex.
Unless you count "the system is completely unusable, because it was encased
in concrete and dumped down the Mariana trench" to be "merely question of
cost" (that is, the cost of having a perfectly secure system is to have
a perfectly unusable system).
> Computer security failures are almost universally due to people not being
> willing to bear the cost of better security, whether it be financial,
> time, organizational, or mental.
No, computer security failures are quite frequently the result of an
unpredicted
mode of attack.
> I can't remember the last time that a system which was truly thought to
> be secure and which was done properly was suddenly compromised by a new
> attack, rather than by not actually doing things properly.
What is "truly thought to be secure"? Was DVD encryption "truly thought to
be secure"? Some people sure did think it was. It was broken.
Are CAPTCHAs thought to be a secure solution to spammer bot problem? Farms
of cheap human labor in India break CAPTCHAs for pennies, and lo it was
broken.
How about van Eck phreaking attacks?
Successful attacks frequently go undetected.
> At this point, it is known how to limit access to a computer system to
> certain individuals to any desired degree of confidence.
Gee, most books and experts on computer security don't seem to agree with
your point.
> To the extent that it is not done, it's because it's too expensive, not
> because
> nobody knows how. This fits my idea of a "solved problem" pretty well.
"Anybody can design a system he can't break". But that does not mean the
system
is unbreakable. It frequently is.
[...]
> Now, take *my* car, and secure it with a password. I'll come up with a
> good, strong password which is impractical to crack or guess. Now try to
> gain access to the car without my permission.
I'm your kid, right? I install a tiny video-camera somewhere and capture
your password, and then I can reprogram the car to take me anywhere I want
to. Or I install a tiny microphone and record the sound of you entering the
password and then I recover the password from that. Easy as pie.
Or I download a "hacked update CD" from the Internet, put it in the
computer,
and it cracks the car software due to a buffer overflow or some other bug
that
was discovered by some hacker long after the car was manufactured and
released.
Software is buggy. (Well, maybe you're from an alternate world where
"creating
computer software without any bugs is not a completely solved problem, but
close to one", you never know on UseNet :-))))
Passwords are good for remote access, when your client sends an already
hashed
password to the software that checks whether you are you, but securing a
home
environment against password capture is very difficult.
If I'm not your kid but a friendly neighbourhood vehicle thief, I just get
out power tools, remove the car computer and replace it with my own
computer.
Then I drive to a safe place, and I wipe your computer clean, install my
own
password and I have a car. Or I dismantle it and sell as parts, whatever.
Cracking passwords is an issue with systems where it is possible to
attempt a
brute-force crack - that is why a four digit PIN for a credit/debit card is
perfectly secure.
> Whether passwords are worthwhile depends entirely on what your goal is.
> If your goal is for every single user to be secure, then yes, they are
> bad.
> But if your goal is merely to allow motivated people to be secure if they
> want to be, passwords do the job just fine. The job of keeping your kids
> out of your stuff ought to fall into the second category.
It seems you're really clueless about security. For a nice, introductory
and
easy to digest primer on general security issues, I recommend either
"Secrets
and Lies: Digital Security in a Networked World" (for why computers and
computer networks are inherently insecure in their current incarnation),
or,
as a more general look at security issues, "Beyond Fear: Thinking Sensibly
about Security in an Uncertain World", both by Bruce Schneier.
> On Thu, 11 Sep 2008 22:27:03 +0200, Michael Ash <mi...@mikeash.com> wrote:
>
> [...]
>>>> Creating a computer system which can only be accessed by certain
>>>> individuals is, while perhaps not completely a solved problem, pretty
>>>> close to one.
>>> You're kidding, right? :-)
>> Why would I be kidding?
>
> If you're not kidding, then you're either trolling or clueless.
>
>> If cost is no object, such a system can be created to any desired degree
>> of reliability.
>
> It's not a matter of cost. It's a matter of complexity. Complex systems
> have unexpected failure points. Complexity is the enemy of security. And
> computers are inherently complex.
How to make a computer system secure is well-understood, and has been
for decades. There's a pretty straightforward "what does it cost, how
hard does the user have to work, how secure is it" relationship.
> Unless you count "the system is completely unusable, because it was encased
> in concrete and dumped down the Mariana trench" to be "merely question of
> cost" (that is, the cost of having a perfectly secure system is to have
> a perfectly unusable system).
Of course you count that. The whole question is understanding your
attacker and their resources, and recognizing how hard you have to
work (measured in $$) to keep them out vs. what the cost is if they
get in.
>> Computer security failures are almost universally due to people not being
>> willing to bear the cost of better security, whether it be financial,
>> time, organizational, or mental.
>
> No, computer security failures are quite frequently the result of an
> unpredicted
> mode of attack.
Only in the sense that extraordinary numbers of people in reasonably
secure positions aren't willing to bear the miniscule cost of
wondering if they might be attacked.
>> I can't remember the last time that a system which was truly thought
>> to be secure and which was done properly was suddenly compromised
>> by a new
>> attack, rather than by not actually doing things properly.
>
> What is "truly thought to be secure"? Was DVD encryption "truly thought to
> be secure"? Some people sure did think it was. It was broken.
Well, OK, he should have said "truly thought to be secure by somebody
competent".
> Are CAPTCHAs thought to be a secure solution to spammer bot problem? Farms
> of cheap human labor in India break CAPTCHAs for pennies, and lo it
> was broken.
Here you've finally got a point -- the cost of breaking was
overestimated.
> How about van Eck phreaking attacks?
Huh? This is sort of the poster child of "how secure is it supposed
to be, so how hard should we shield the room"? In the late 1970s I
knew people who worked in Faraday cages with a line on the floor
marking how close to the wall any computer equipment was allowed to
be. I don't really know how early those environments existed; the
late 1970s is when I was an undergraduate.
> Successful attacks frequently go undetected.
That's an awfully hard claim to prove.
>> At this point, it is known how to limit access to a computer system to
>> certain individuals to any desired degree of confidence.
>
> Gee, most books and experts on computer security don't seem to agree with
> your point.
Not the ones I read. Got some cites?
>> To the extent that it is not done, it's because it's too expensive,
>> not because
>> nobody knows how. This fits my idea of a "solved problem" pretty well.
>
> "Anybody can design a system he can't break". But that does not mean
> the system
> is unbreakable. It frequently is.
That's one of my favorite Schneier quotes. And he's one of the most
consistent "security is all about costs vs. benefits" authors I've
ever ready.
> [...]
>> Now, take *my* car, and secure it with a password. I'll come up with a
>> good, strong password which is impractical to crack or guess. Now try to
>> gain access to the car without my permission.
>
> I'm your kid, right? I install a tiny video-camera somewhere and capture
> your password, and then I can reprogram the car to take me anywhere I want
> to. Or I install a tiny microphone and record the sound of you entering the
> password and then I recover the password from that. Easy as pie.
Both my kids knew at the appropriate ages that successfully executing
either of those exploits would have a cost far, far in excess of any
possible benefit.
> Or I download a "hacked update CD" from the Internet, put it in the
> computer,
> and it cracks the car software due to a buffer overflow or some other
> bug that
> was discovered by some hacker long after the car was manufactured and
> released.
> Software is buggy. (Well, maybe you're from an alternate world where
> "creating
> computer software without any bugs is not a completely solved problem, but
> close to one", you never know on UseNet :-))))
I don't think Michael lives in any such world. He didn't say he does;
I know I don't and I agree with him completely.
> Passwords are good for remote access, when your client sends an
> already hashed
> password to the software that checks whether you are you, but securing
> a home
> environment against password capture is very difficult.
Without violating the physical security of my home, I'll hazard a
guess that that's extremely unlikely in my case.
> If I'm not your kid but a friendly neighbourhood vehicle thief, I just get
> out power tools, remove the car computer and replace it with my own
> computer.
> Then I drive to a safe place, and I wipe your computer clean, install
> my own
> password and I have a car. Or I dismantle it and sell as parts, whatever.
That's not the threat being addressed in this discussion. You're
describing a class of friendly neighborhood vehicle thief who is much
more likely to drive up in a flatbed with a sign on the door saying
"Joe's Vehicle Repossion Service", load the car up on the flatbed, and
drive away.
> Cracking passwords is an issue with systems where it is possible to
> attempt a
> brute-force crack - that is why a four digit PIN for a credit/debit card is
> perfectly secure.
>
>> Whether passwords are worthwhile depends entirely on what your goal
>> is. If your goal is for every single user to be secure, then yes,
>> they are bad.
>> But if your goal is merely to allow motivated people to be secure if they
>> want to be, passwords do the job just fine. The job of keeping your kids
>> out of your stuff ought to fall into the second category.
>
> It seems you're really clueless about security. For a nice,
> introductory and
> easy to digest primer on general security issues, I recommend either
> "Secrets
> and Lies: Digital Security in a Networked World" (for why computers and
> computer networks are inherently insecure in their current
> incarnation), or,
> as a more general look at security issues, "Beyond Fear: Thinking Sensibly
> about Security in an Uncertain World", both by Bruce Schneier.
Oddly enough, I've read both of those books and agree with Michael
completely. In fact, to me Shneier's central thesis seems to be that
security needs to be regarded completely in terms of cost-benefit.
I'll just note that I recognized the Schneier quote up above before
you suggested people read his (excellent) books.
And to think I was afraid we wouldn't be able to have a civil discussion!
>> If cost is no object, such a system can be created to any desired degree
>> of reliability.
>
> It's not a matter of cost. It's a matter of complexity. Complex systems
> have unexpected failure points. Complexity is the enemy of security. And
> computers are inherently complex.
>
> Unless you count "the system is completely unusable, because it was encased
> in concrete and dumped down the Mariana trench" to be "merely question of
> cost" (that is, the cost of having a perfectly secure system is to have
> a perfectly unusable system).
A perfectly secure system does tend to be perfectly unusable. A nearly
perfectly secure system is generally really hard to use. It's certainly
one of the costs.
>> Computer security failures are almost universally due to people not being
>> willing to bear the cost of better security, whether it be financial,
>> time, organizational, or mental.
>
> No, computer security failures are quite frequently the result of an
> unpredicted
> mode of attack.
Such as?
From what I've seen, security failures tend to fall into one of just a few
categories:
1) Buffer overflows, quoting errors, and other programming faults.
2) Making up techniques and thinking that they're secure, rather than
using known-secure ciphers, algorithms, etc.
3) Social attacks.
>> I can't remember the last time that a system which was truly thought to
>> be secure and which was done properly was suddenly compromised by a new
>> attack, rather than by not actually doing things properly.
>
> What is "truly thought to be secure"? Was DVD encryption "truly thought to
> be secure"? Some people sure did think it was. It was broken.
No competent person ever thought that DVD encryption was secure. I doubt
that even the designers thought it was. It had two very large strikes
against it:
1) It committed the cardinal sin of cryptography: thou shalt not design
thine own cipher. I suspect that this was due to management insisting on
using a "secret" algorithm rather than using something proven.
2) US cryptography export regulations limited it to 40-bit keys.
And of course both of these were known while it was being designed. Anyone
familiar with cryptography and with how it was being made could have told
you that it would never be secure.
> Are CAPTCHAs thought to be a secure solution to spammer bot problem? Farms
> of cheap human labor in India break CAPTCHAs for pennies, and lo it was
> broken.
I don't think that this even makes sense given the context. CAPTCHAs
essentially impose a large computational cost on a transaction, with the
type of computation geared toward something that human brains are good at
but computers are not. The intention is to allow access by humans but not
automated access by computers. If they're being "broken" by cheap Indians
then that's simply because its goal is insufficient. After all, cheap
Indians are humans too.
> How about van Eck phreaking attacks?
Trivial to shield against if you care about them enough to do it.
> Successful attacks frequently go undetected.
>
>> At this point, it is known how to limit access to a computer system to
>> certain individuals to any desired degree of confidence.
>
> Gee, most books and experts on computer security don't seem to agree with
> your point.
>
>> To the extent that it is not done, it's because it's too expensive, not
>> because
>> nobody knows how. This fits my idea of a "solved problem" pretty well.
>
> "Anybody can design a system he can't break". But that does not mean the
> system
> is unbreakable. It frequently is.
Unbreakable because of limited resources or because of design constraints
beyond security desires.
> [...]
>> Now, take *my* car, and secure it with a password. I'll come up with a
>> good, strong password which is impractical to crack or guess. Now try to
>> gain access to the car without my permission.
>
> I'm your kid, right? I install a tiny video-camera somewhere and capture
> your password, and then I can reprogram the car to take me anywhere I want
> to. Or I install a tiny microphone and record the sound of you entering the
> password and then I recover the password from that. Easy as pie.
If my kid is spying on me to that extent then I have a lot more to worry
about than my car. And I think that your "easy as pie" is being brutally
unfair. What you describe is, in fact, really difficult, and beyond what
nearly any child will be able to accomplish.
There's an odd tendancy when discussing computer security to accept
nothing less than perfection, when the equivalent physical security is
accepted when it provides nothing more than a minor speedbump. In this
case, we accept that a child can easily steal your car right now, but if
it becomes computer controlled then suddenly it must become perfect.
Anyway, add another link to the chain here. Require both a password and a
one-time code from something like RSA's keyfob system. Now my child has to
both snoop my password and steal a physical object from me, and if he's
willing to do that then the possibility that he'll reprogram my car to
take him somewhere else is far down my list of worries. Add a GPS logging
system so that tampering can be detected afterwards, and you have a system
that's more than secure enough for the task without being very expensive.
> Or I download a "hacked update CD" from the Internet, put it in the
> computer,
> and it cracks the car software due to a buffer overflow or some other bug
> that
> was discovered by some hacker long after the car was manufactured and
> released.
> Software is buggy. (Well, maybe you're from an alternate world where
> "creating
> computer software without any bugs is not a completely solved problem, but
> close to one", you never know on UseNet :-))))
If the car has remote access, then it will certainly have remote updates.
If it doesn't, then this problem doesn't exist.
> Passwords are good for remote access, when your client sends an already
> hashed
> password to the software that checks whether you are you, but securing a
> home
> environment against password capture is very difficult.
>
> If I'm not your kid but a friendly neighbourhood vehicle thief, I just get
> out power tools, remove the car computer and replace it with my own
> computer.
> Then I drive to a safe place, and I wipe your computer clean, install my
> own
> password and I have a car. Or I dismantle it and sell as parts, whatever.
Protecting against theives is certainly harder. Again, it's a question of
how much you're willing to spend.
> Cracking passwords is an issue with systems where it is possible to
> attempt a
> brute-force crack - that is why a four digit PIN for a credit/debit card is
> perfectly secure.
I don't understand this one at all. First of all, why do you even bring up
brute-force cracking? Second, why do you claim that a four-digit PIN is
perfectly secure? A 0.03% chance of guessing someone's PIN before
the machine decides I'm unauthorized and eats the card doesn't come
anywhere close to my idea of "perfectly".
>> Whether passwords are worthwhile depends entirely on what your goal is.
>> If your goal is for every single user to be secure, then yes, they are
>> bad.
>> But if your goal is merely to allow motivated people to be secure if they
>> want to be, passwords do the job just fine. The job of keeping your kids
>> out of your stuff ought to fall into the second category.
>
> It seems you're really clueless about security. For a nice, introductory
> and
> easy to digest primer on general security issues, I recommend either
> "Secrets
> and Lies: Digital Security in a Networked World" (for why computers and
> computer networks are inherently insecure in their current incarnation),
> or,
> as a more general look at security issues, "Beyond Fear: Thinking Sensibly
> about Security in an Uncertain World", both by Bruce Schneier.
This is kind of ironic, as Schneier is a big proponent of really paying
attention to exactly what kind of threat you face, how much you stand to
lose, and how much you're willing to pay, and only doing as much security
as makes sense given all of that. Which is exactly what I said.
Can you secure your car so that it's reasonably safe from snoopers
planting miniature video cameras, analyzing your password based on the
sounds that your keys make as you type it, flashing the car computer with
new software, and other such advanced techniques? Sure. It's going to cost
you a *lot* of money and inconvenience, and will probably involve things
that will destroy any trust you had with your children, but it can be
done. Stopping your kids from tricking their electric chauffeur into
taking them to the ice cream stand, that's well on the easy side of
things.
>> 5) It's free up lots of time. Better to spend the half-hour on the way
>> to work for reading the newspaper or this mornings email, rather than
>> for driving.
>>
>
> Just use public transport.
Errm... that rather depends on where you live, where you work, and how long
you want to take to get there. In large metropolitan areas public transport
may work. In smaller areas, buses simply don't go where you want them to go
and trains/trams/light rail are more restricted or nonexistent.
I live about 10 miles from work... but I'd have to take three buses to get
there if I went by bus. That, or walk several miles. As it is I'd have to
walk a half mile from home to one bus stop and maybe three-quarters of a mile
from the nearest stop to the office. My right knee ensures that doing that is
a non-starter for me.
Driving is faster, easier, and more cost-effective. Letting an AI drive would
be even more so.
And be foiled by a renegade and his plucky companions. Repeatedly. To
the point that when you think you have him and his friends trapped and
are about to finally detonate the Reality Bomb, an impossible duplicate
of him shows up with ANOTHER plucky companion to disrupt your rants,
destroy your army of invincible robots, and whisk all his friends and
family to safety.
Indeed. I live about 6 miles from my work -- less, on a straight-line
distance. And I'm not sure there IS a way for me to take public
transport to my current work location -- and I'm DAMN sure it would take
at least one transfer, and require at least an hour and a half to two
hours or more of my time.
Driving, it takes me 15 minutes. 20, sometimes, with traffic. 45 if
it's snowed and everyone's forgotten how to drive, but that would make
the bus trip something like 3 hours.
There's a FEW places that have public transport that serves their area
decently. I've never lived in one.
(Plus there's the fact that you'd probably have better success
convincing me to have my balls removed with a rusty spoon than get me to
take the bus, but that's a separate issue)
> Can you secure your car so that it's reasonably safe from snoopers
> planting miniature video cameras, analyzing your password based on the
> sounds that your keys make as you type it, flashing the car computer with
> new software, and other such advanced techniques? Sure. It's going to cost
> you a *lot* of money and inconvenience, and will probably involve things
> that will destroy any trust you had with your children, but it can be
> done. Stopping your kids from tricking their electric chauffeur into
> taking them to the ice cream stand, that's well on the easy side of
> things.
The problem is often not kids, but organised car theives.
--
__________
|im |yler http://timtyler.org/ t...@tt1lock.org Remove lock to reply.
There are continents where decent public transport even in small urban
areas does exist.
mawa
--
http://www.prellblog.de
Not sure where the OP is but the problem where I live is population
density, not total population. If everyone lived closer together you
could a run a bus back into the nearest city station, but as it is you
would either need a lot of buses or a population tolerant of long bus
rides. Otherwise the buses would run empty or near empty virtually all
the time.
Robert
--
Robert K. Shull Email: rkshull at rosettacon dot com
And there are continents where the public transport problem is considerably
worse. (South America, or at least Caracas, Venezuela. Africa, or at least
Nairobi, Kenya. Asia, or at least India...) I'm in South Florida. For the
most part buses do not exist outside of major urban zones (which, to be fair,
is pretty much everything east of the Turnpike) and there is one, and only
one, commuter rail line. (Not 'system'. _Line_. TriRail runs north-south
parallel to I-95 from northern Palm Beach County to central Dade. (Hence
'TriRail', as it runs through three counties: Palm Beach, Broward, and Dade.)
I-95 is nowhere further than five miles from the sea for almost all of that
stretch. The nearest TriRail station to me is about 15 miles away; I'm well
to the west, nearly to the Turnpike in fact, and the West Palm Beach station
is almost as far away as the roads go as the Lake Worth station. There's no
point my taking TriRail to reach anywhere in Palm Beach County, it's faster
to drive. I do take it, sometimes, when I'm going to Dade and the destination
is close to one of the Dade stations, because I-95 in Dade is a death trap.
Palm Beach has its own bus system, Broward has its own bus system, Dade has
its own system, and links between the three are... limited. It would make
more sense if TriRail pushed north to at least Martin County and south to the
southern part of Dade, and if the Palm Beach, Broward, and Dade bus systems
were combined into one, but that ain't gonna happen anytime soon. A few
east-west TriRail links would also be nice, but that also ain't gonna happen.
> In rec.arts.sf.fandom Matthias Warkus <War...@students.uni-marburg.de> wrote:
>> J.J. O'Shea schrieb:
>>> On Thu, 11 Sep 2008 09:49:06 -0400, Blank wrote
>>> (in article <48c921b5$1...@news.kcl.ac.uk>):
>>>
>>>>> 5) It's free up lots of time. Better to spend the half-hour on the way
>>>>> to work for reading the newspaper or this mornings email, rather than
>>>>> for driving.
>>>>>
>>>> Just use public transport.
>>>
>>> Errm... that rather depends on where you live, where you work, and how
>>> long
>>> you want to take to get there. In large metropolitan areas public
>>> transport
>>> may work. In smaller areas, buses simply don't go where you want them to
>>> go
>>> and trains/trams/light rail are more restricted or nonexistent.
>>
>> There are continents where decent public transport even in small urban
>> areas does exist.
>
> Not sure where the OP is
Palm Beach County, Florida.
> but the problem where I live is population
> density, not total population.
The population is fairly dense near the sea, and further south, in Broward
and Dade. Things thin out considerably as you go west and north. Ft
Lauderdale, in Broward, certainly has a larger population than the whole of
Martin County; West Palm Beach probably does, too. Miami, in Dade, has a
larger population than Ft Lauderdale and West Palm combined. Dade's bus
service is better than Palm Beach's or Broward's but still stinks. South
Florida ain't the place to be if you don't have a car.
> If everyone lived closer together you
> could a run a bus back into the nearest city station, but as it is you
> would either need a lot of buses or a population tolerant of long bus
> rides. Otherwise the buses would run empty or near empty virtually all
> the time.
That is precisely the reason why Palm Beach has recently closed down several
bus routes.
>
> Robert
Well, if he hadn't wasted all that time monologuing. Classic bad-guy
mistake....
If you don't do your monologuing, you're unworthy. Especially if you're
a Mad Scientist; you have to do the Monologue-Segue-to-RANT.
People like that Ozymandias clown give megalomaniacal world-destroyers
a bad name.
[...]
>>>>> Creating a computer system which can only be accessed by certain
>>>>> individuals is, while perhaps not completely a solved problem, pretty
>>>>> close to one.
>>>> You're kidding, right? :-)
>>> Why would I be kidding?
>> If you're not kidding, then you're either trolling or clueless.
> And to think I was afraid we wouldn't be able to have a civil discussion!
This is usenet, I was civil once and my posting license got suspended. :-)
[...]
>> Unless you count "the system is completely unusable, because it was
>> encased in concrete and dumped down the Mariana trench" to be "merely
>> question of cost" (that is, the cost of having a perfectly secure
>> system is to have
>> a perfectly unusable system).
>
> A perfectly secure system does tend to be perfectly unusable. A nearly
> perfectly secure system is generally really hard to use. It's certainly
> one of the costs.
Good to see we agree on something. :-)
[...]
>>> Computer security failures are almost universally due to people not
>>> being willing to bear the cost of better security, whether it be
>>> financial,
>>> time, organizational, or mental.
>> No, computer security failures are quite frequently the result of an
>> unpredicted mode of attack.
> Such as?
Side-channel attacks on smartcards, for example. "Yay, we've got these
chips with strong crypto, go us, we're secure now". And then somebody
gets a bright idea and measures the temperature and power use of a chip
which performs the strong crypto in question and suddenly the strong
becomes brittle.
> From what I've seen, security failures tend to fall into one of just a
> few categories:
> 1) Buffer overflows, quoting errors, and other programming faults.
"Software bugs". That's quite a large category. However, eliminating that
one
is pretty easy, you just have to manufacture software that is free of bugs.
Unfortunately, the software industry seems incapable of doing that.
What's more, security flaws are more problematic to find than simple
bugs - beta-testing will reveal many bugs, but it will frequently not
reveal security flaws, because beta-testers are rarely highly qualified
and motivated attackers.
> 2) Making up techniques and thinking that they're secure, rather than
> using known-secure ciphers, algorithms, etc.
That is a common problem. However, you seem to be belaboring under a
miscoprehension that there is something like a "known-secure cipher".
Well, OK, there is one-time pad, which when applied correctly is
uncrackable.
However, most security techniques are "known to be secure" only in the
sense that "nobody has shown how to crack this technique - yet". It is
possible that there is no crack, but it is certainly far from certain.
For example, is it possible to prove that factoring large primes in a
shor time is not possible? Maybe it is, but so far nobody has proven
it yet, so we may only hope. And so far, asymmetric ciphers based on
prime factoring being a one-way function work, and if you want a strong
asymmetric cipher you can take RSA and it's a well known,
peer revieved algorithm - so the probability that somebody will break
it open like a lobster is much lower than if you just invent an asymmetric
prime factoring based algorithm yourself.
But it's not a question that if you use RSA then youre secure
and if you use your own algorithm, you're insecure. If you use RSA,
then the probability of your cipher being broken is lower. Security
always comes in grades and there's no perfect one - you might never
know that the Chinese mathematicians working deep underground in
secret facilities have stumbled upon a method of quickly factoring
large primes and the Chinese government can crack your codes open.
Or NSA and American government. Or some hacker in Upper Molvania.
Now, for good security, it is not necessary to have a single bullet-proof
technique (say, "passwords to prevent people from accessing a car
computer"),
because good security is multi-layered - you don't put a super-strong lock
on a flimsy door, and a bank does not rely solely on having a vault to
protect its money - it relies on a combination of vault, alarms,
communication,
police backup and so on.
[...]
>>> Now, take *my* car, and secure it with a password. I'll come up with a
>>> good, strong password which is impractical to crack or guess. Now try
>>> to gain access to the car without my permission.
>> I'm your kid, right? I install a tiny video-camera somewhere and capture
>> your password, and then I can reprogram the car to take me anywhere I
>> want to. Or I install a tiny microphone and record the sound of you
>> entering the password and then I recover the password from that. Easy
>> as pie.
> If my kid is spying on me to that extent then I have a lot more to worry
> about than my car.
So, basically, you've reduced your position from "Creating a computer
system
which can only be accessed by certain individuals is, while perhaps not
completely a solved problem, pretty close to one. The secret is not to use
any "locks" or "codes" or any other such nonsense, but to simply come
straight out and put a strong password on the thing" to "I can use a strong
password to protect my car against my children, because I trust them not
to spy on me"?
This is not a systemic solution to the issue of "children should in general
not be able to reprogram the car to take them where they want to, instead
of
where parents want to". What's more, your argument can be used to claim
that
no security against children reprogramming the car is really necessary,
because,
after all, if I can't trust my children not to reprogram the car, then I'm
doing a bad job as a parent. Well, maybe I can trust my hypothetical
children
not to abuse my trust when I give them the car (because my children are
very,
very well behaved) and maybe you can trust your hypothetical chilren not to
look at the strong password you're entering nor to install a small, cheap
pinhole camera somewhere within the car (because while your childred are
not
so well behaved that trust is needed, and you need an epic passpoem to
protect your car, they are trusted enough not to spy on you), but there
will
be people from problem families and they should be able to secure their
cars
against their children.
You have suggested that strong passwords are a solution to preventing
access
to computer systems. They are not, they will only work as a part of a
multi-layered approach to security, just as a high quality lock does not
provide good security when put in a flimsy door.
> And I think that your "easy as pie" is being brutally
> unfair. What you describe is, in fact, really difficult, and beyond what
> nearly any child will be able to accomplish.
I think you really underestimate children. Especially children in times
of robot cars. They can probably get a small video-camera by dismantling
one of their toys and plucking its eye out. :-)
> There's an odd tendancy when discussing computer security to accept
> nothing less than perfection, when the equivalent physical security is
> accepted when it provides nothing more than a minor speedbump.
I don't require perfection in computer security, what's more, I don't
believe
it is achievable. Which is why your assertion of "nearly solved problem"
was
so... refreshingly different. ;->
> In this case, we accept that a child can easily steal your car right
> now, but if
> it becomes computer controlled then suddenly it must become perfect.
I never claimed it must become perfect. The entire sub-thread started with
your assumption that an almost-perfect solution to problem of preventing
unauthorized access exists in the form of strong passwords, which was
somewhat
of a controversial statement to me.
> Anyway, add another link to the chain here. Require both a password and a
> one-time code from something like RSA's keyfob system. Now my child has
> to both snoop my password and steal a physical object from me, and if
> he's
> willing to do that then the possibility that he'll reprogram my car to
> take him somewhere else is far down my list of worries. Add a GPS logging
> system so that tampering can be detected afterwards, and you have a
> system that's more than secure enough for the task without being very
> expensive.
This is a much better system. It requires something you know, something you
have, and has accountability. :-)
It is, however, significantly different from "well, you can set a strong
password here on your car, so the issue of unauthorized people gaining
control
over it is pretty much solved".
[...]
> I don't understand this one at all. First of all, why do you even bring
> up brute-force cracking?
Well, you said that security against children can be provided by setting
a strong password, most probably because a password like "1234" can be
cracked with enough patience by a bright ten year old. :-)
> Second, why do you claim that a four-digit PIN is
> perfectly secure? A 0.03% chance of guessing someone's PIN before
> the machine decides I'm unauthorized and eats the card doesn't come
> anywhere close to my idea of "perfectly".
Sorry, a bad expression. Four digit PIN is more than adequate, using
the word "perfectly" here was a bad choice of words. :-) I don't believe
in perfect security. There are always potential flaws in security, because
you can't anticipate all attack modes.
[...]
>> It seems you're really clueless about security. For a nice, introductory
>> and easy to digest primer on general security issues, I recommend either
>> "Secrets and Lies: Digital Security in a Networked World" (for why
>> computers and
>> computer networks are inherently insecure in their current incarnation),
>> or, as a more general look at security issues, "Beyond Fear: Thinking
>> Sensibly about Security in an Uncertain World", both by Bruce Schneier.
> This is kind of ironic, as Schneier is a big proponent of really paying
> attention to exactly what kind of threat you face, how much you stand to
> lose, and how much you're willing to pay, and only doing as much security
> as makes sense given all of that. Which is exactly what I said.
Nope, that's not what you said. :-)
IMO a password and a biometric verification by internal vehicle sensors
is a very adequate security for a robot car, and if children work hard
enough on reprogramming the car so that they can sneak out in the middle
of the night to a party at their friends house, well, it's
an acceptable trade-off for convenience.
However, I would never claim that we have pretty much cracked the entire
computer security issue and it's simply a matter of having a strong
passphrase, then you're all set and secure, which is what you did.
> Can you secure your car so that it's reasonably safe from snoopers
> planting miniature video cameras, analyzing your password based on the
> sounds that your keys make as you type it, flashing the car computer with
> new software, and other such advanced techniques? Sure. It's going to
> cost you a *lot* of money and inconvenience, and will probably involve
> things
> that will destroy any trust you had with your children, but it can be
> done. Stopping your kids from tricking their electric chauffeur into
> taking them to the ice cream stand, that's well on the easy side of
> things.
IMO you can secure your car so that it's _reasonably_ safe from takeover,
but you can't secure your car so that it's _competely_ safe. It is not
possible to solve the problem of "creating computer systems only certain
people can access" because security is mainly reactive and you can't
anticipate all attacks. That is why military tends to lock their computers
inside compounds guarded by armed men, and on more sensitive data you
take your hard disk out of the computer when you finish work and put it
in a safe.
[...]
>> It's not a matter of cost. It's a matter of complexity. Complex systems
>> have unexpected failure points. Complexity is the enemy of security. And
>> computers are inherently complex.
> How to make a computer system secure is well-understood, and has been
> for decades.
Well, it's more like "how to make a computer system more secure/less
secure".
It's a far cry from "issue of unauthorized access can be pretty much
solved".
> There's a pretty straightforward "what does it cost, how
> hard does the user have to work, how secure is it" relationship.
The problem is that it's not possible to have "really expensive and
practically
copletely secure" - there are limits to how secure you can make a computer
system, which is why really sensitive systems rely not on computer security
but on physical security, walls, armed guards and not being connected
to the Internet.
[...]
>>> Computer security failures are almost universally due to people not
>>> being willing to bear the cost of better security, whether it be
>>> financial,
>>> time, organizational, or mental.
>> No, computer security failures are quite frequently the result of an
>> unpredicted mode of attack.
> Only in the sense that extraordinary numbers of people in reasonably
> secure positions aren't willing to bear the miniscule cost of
> wondering if they might be attacked.
I'm not sure I follow you here.
[...]
>>> I can't remember the last time that a system which was truly thought
>>> to be secure and which was done properly was suddenly compromised
>>> by a new attack, rather than by not actually doing things properly.
>> What is "truly thought to be secure"? Was DVD encryption "truly thought
>> to be secure"? Some people sure did think it was. It was broken.
> Well, OK, he should have said "truly thought to be secure by somebody
> competent".
:-) Well, OK, you can prove that "systems designed by competent people are
unbreakable" if you define 'competent people' to be "people who design
systems that have never been broken". This is, however, a circular
definition
(circular definition - see 'definition, circular').
[...]
>> How about van Eck phreaking attacks?
> Huh? This is sort of the poster child of "how secure is it supposed
> to be, so how hard should we shield the room"?
Just like the side channel attacks, there was a time before such
attacks were thought of :-)
[...]
>> Successful attacks frequently go undetected.
> That's an awfully hard claim to prove.
Come on. Let's start at the beginnings. Say, Enigma. And Venona. And plenty
of others we'll probably never know of untill they're declassified.
The whole problem of computer security (and in general communications
security)
is that a successful attack allows the attacker to read and to copy
information
stored in the compromised computer or compromised communication and does
not
require stealing anything. A bank that's been robbed knows it's been
robbed,
because there is no longer any money in the vault. A company that's been
hacked
and it's secret plans were copied and sold to the highest bidder may after
some
time suspect that something's afoot, but they won't know whether their
secret
plans were leaked by an employee, or obtained by a hacker, or whether
somebody
planted a bug in CEOs office, and so on.
[...]
>>> At this point, it is known how to limit access to a computer system to
>>> certain individuals to any desired degree of confidence.
>> Gee, most books and experts on computer security don't seem to agree
>> with your point.
> Not the ones I read. Got some cites?
"Detection is much more important than prevention. As I have repeatedly
stated in this book, it is fundamentally impossible to prevent attacks."
from Secret and Lies.
[...]
>> I'm your kid, right? I install a tiny video-camera somewhere and capture
>> your password, and then I can reprogram the car to take me anywhere I
>> want to. Or I install a tiny microphone and record the sound of you
>> entering the password and then I recover the password from that. Easy
>> as pie.
> Both my kids knew at the appropriate ages that successfully executing
> either of those exploits would have a cost far, far in excess of any
> possible benefit.
So? I think that both of your kids at the appropriate ages would also be
stopped by saying "you can't use the car without my permission". That
is completely irrelevant to the issue of car security in general. :-)
[...]
>> It seems you're really clueless about security. For a nice,
>> introductory and easy to digest primer on general security issues, I
>> recommend either
>> "Secrets and Lies: Digital Security in a Networked World" (for why
>> computers and
>> computer networks are inherently insecure in their current incarnation),
> Oddly enough, I've read both of those books and agree with Michael
> completely.
You agree with thesis that security is pretty much a solved problem?
That's the thesis of "Applied Cryptography" :_)
> In fact, to me Shneier's central thesis seems to be that
> security needs to be regarded completely in terms of cost-benefit.
This is one of his theses. Another one is that "complex systems will always
be insecure, so you have to deal with it - involve detection and
prosecution,
don't rely on prevention only". And "complexity favors the attacker, and
the
world is becoming more and more complex".
Funnily enough, in his early works Schneier said that it's possible to have
perfect security by the use of security technologies, crypto and so on -
the
position that Michael seemed to be expounding in his posts that I've
replied
to. And then he started working in computer security, and wrote "Secrets
and
Lies". I read "Applied Cryptography" some time after it came out and for
some time, I also thought that computers can be made secure to any required
degree of security, it's simply a matter of inconvenience to users.
Then I've met some people who work in computer security, started reading
more
and decided that the world is not ideal. And I've read "Secrets and Lies",
too.
There's a nice preface to this book here:
http://www.schneier.com/book-sandl-pref.html
"I have written this book partly to correct a mistake.
Seven years ago I wrote another book: Applied Cryptography. In it I
described a
mathematical utopia: algorithms that would keep your deepest secrets safe
for
millennia (...) It's just not true. Cryptography can't do any of that.
It's not that cryptography has gotten weaker since 1994, or that the
things I
described in that book are no longer true; it's that cryptography doesn't
exist in a vacuum.
Cryptography is a branch of mathematics. And like all mathematics, it
involves
numbers, equations, and logic. Security, palpable security that you or I
might
find useful in our lives, involves people: things people know,
relationships
between people, people and how they relate to machines. Digital security
involves
computers: complex, unstable, buggy computers.
Mathematics is perfect; reality is subjective. Mathematics is defined;
computers
are ornery. Mathematics is logical; people are erratic, capricious, and
barely
comprehensible.
The error of Applied Cryptography is that I didn't talk at all about the
context.
I talked about cryptography as if it were The AnswerTM. I was pretty
naïve."
And I've found Michael's post is similarly naive, stating that computer
security
is pretty solved and strong passwords are The Answer. They're not. :-)