Abstract:
“You are one of the most significant security threats to your company. We all know we are going to fix better passwords / encryption / firewalls / etc. one day. Getting properly hacked is one of those things that is a lot more comfortable to prevent beforehand than to gather the shattered pieces afterwards. In this talk, we will take a practical approach to good personal digital security. We will start with the easy parts before drilling through the layers of security, down to the parts that are unpredictable and dangerous. Bring your laptop and a tin foil hat.”
Topics include: What it's like to get properly hacked. Using password managers. Operating system security. Browser security. Encryption, firewalls, factors, and other means of protection.
Presented at JavaZone 2016, Oslo, Norway. Would love some feedback here in HN comments! Hope you learn something.
That part freaked me out because that was one of the ways I thought I could tell authentic from propaganda. I thought people in power didn't know how to blend in naturally to forums and their comments always stood out, but it looks like they do get it. Now I'm worried that my propaganda/astroturfing indicators don't work as well as I thought they did.
You probably need constant vigilance to be aware how propaganda is being spread.
Everyone is probably constantly trying new ways to spread it.
Truth seems to be under attack in every direction.
Of course, it can be difficult to tell those who are a bit fanatical about an issue from astroturfers, usually because the fanatical people are sourcing from blogs etc written by the astroturfers
“The test cars are now able to handle lane following, speed adaption, and merging traffic all by themselves,”
This is an important step, although I must say they appear to be far behind Google. My money is on Google getting to an acceptable deployment phase far earlier.
Given the driving conditions in Sweden and the years of experience Volvo has as a car company, I would bet they will be able to deploy and all weather version before Google.
This effort does not appear to be as ambitious as the Google approach. The cars drive a specific test route around "50 kilometers of selected roads in and around Gothenburg." That's quite a different thing than a system where you key in an arbitrary destination and the car drives you there.
I think they are probably trying to solve the same problem from two different directions.
Google appears to be making an advanced and expensive solution to "full" autonomous driving. The limitation will not be in where it can go, but it is initially limited in weather/environmental conditions. The target audience is likely not production cars in the short term, but a system like theirs can for example make their street view photography cars autonomous: they can work in summer, stop if it rains, and it doesn't matter too much if they cost twice as much as a regular car. It will of course be a regulation nightmare to allow the driverless cars out in the street though.
Volvo on the other hand will probably try to make a simpler and much less expensive solution that will have to work in rain/darkness/snow, and not add a significant amount to the cost of the car. Clearly that means having other restrictions, presumably in the overall intelligence or in which roads it works on. Volvo's system is likely intended for making day-to-day travel more secure at the lowest cost possible, not for creating completely autonomous navigation and problem solving (e.g. 4 way stop turn-taking). It must work in almost any environmental conditions, but it will probably require a driver at all times, and will almost certainly not work everywhere.
Never thought of this before but you might be spot on. Maybe Google has no intention of making autonomous cars for normal use but exclusively for Street View.
Street View is hopelessly out of date in many places (4 years in some parts of Sydney for example) and it has to be super expensive to keep thousands of people continuously driving around the world. And Street View will likely be a vital and profitable data source if VR/AR (in all its forms) is ever used en masse.
I wonder if they could cut costs simply by making an agreement with a taxi company to put the camera across a few cars. Then they would need less drivers to go out and cover the gaps taxi's don't cover over the course of a year or so. It would work well for urban cities one would think. Uber should have data to give a rough idea of coverage.
>Maybe Google has no intention of making autonomous cars for normal use but exclusively for Street View.
Sounds like too much expense for just that. If the problem of street view was it's cost you could just pay people to add a StreetView system to the roof of their cars and get the data much cheaper than having your own car. They may very well want to start by using Street View to validate the technology but the end-game must be larger.
If the problem of street view was it's cost you could just pay people to add a StreetView system to the roof of their cars and get the data much cheaper than having your own car.
I think you're underestimating the number of people you'd have to pay to get full coverage of cities. Most people do not drive around on every street in a systematic way; they have a small number of destinations and they usually take the same routes between them every time.
You'd have to optimize for that. You can add incentives for people to mix up their routes, and you can use a much smaller number of dedicated cars to cover whatever is left. My point was that if the problem you're trying to solve is "StreetView is too expensive to operate" you're not going to go and create self driving cars, you'd do something simpler.
That doesn't mean that once you do have self-driving cars you wouldn't use them for that. Or even that StreetView wouldn't be the first thing you'd use them for, since that's a good way to get more training data for your algorithms. But to suggest they'd go to all the expense of creating self-driving cars to then use them just as a cost saving measure for StreetView sounds strange.
Not to kick the guy that's down, but "I wish we had more recent streetview, OH I KNOW lets build a totally autonomous car" sounds to me somewhat like "people want their postal mail online. OH I KNOW lets send somebody to every house and pick up the mail the mailman left."
Not unlike the experience for drivers on Lyft and UberX it would be trivial for Google to create a rig and an app. You set the magnetic camera rig on your roof and sign in. It shows you available routes and how much they'll pay for them. The offer increases every so often if nobody selects the route. Done.
Well, even if improving Street View is a shorter term goal, it seems pretty reasonable to assume that Google has at least some intention of using that same core technology to pioneer, or at the very least compete in, the very lucrative market of autonomous consumer vehicles down the road.
> Vissa korsningar har en stoppskylt vid varje väg, ett så kallat flervägsstopp. Det innebär att alla som kommer till korsningen måste stanna, oavsett vilken väg man kommer på. Tanken är att man vid flervägsstopp ska ta ögonkontakt med medtrafikanter för att på så sätt komma överens om vem som ska köra först.
Or my translation "Certain intersections have a stop sign at every way, a so-called multi-way stop. This means that everyone who comes to the intersection must stop, despite which way they come from. The thought is that people at the multi-way stop will make eye contact with their fellow drivers in order to come to an agreement on who shall drive first.
(Apparently the actual law says "ömsesidig hänsyn" - "mutual consideration.")
That said, they aren't anywhere near as common as the US.
Do you actually have them in Sweden? I was taught similar rules back when getting a driving licence, but it doesn't neccessarily mean that such intersections exist - I was told about intersections that were like that in 1960ies, but those spots have traffic lights now.
I biked through one yesterday, in Trollhättan. If you do an image search for "flervägsstopp" you'll find several images, including this one which is specifically a four-way stop: http://www.trafikmagasinet.nu/art090503.htm .
Hej! Another Trollhättebo! Yeah, I actually passed a couple on my ride, though I only mentioned one. As an American my baseline is the number of 4-way stops in the US. I've only lived in Gothenburg and here, which gives a poor sampling bias.
Oh? At least in Germany it's that you have to yield to a driver to the right (ignoring priority roads) but if you have an intersection of non-priority roads and a car from each direction someone has to make a decision to go first, otherwise it's a deadlock.
Europe doesn't generally use 4-way stop signs (http://en.wikipedia.org/wiki/All-way_stop) in the traffic regulations; intersections tend to be either regulated, or with one road designated as the priority, or as roundabouts, not like this.
I've driven a bit around Europe, but I have never seen a single such intersection in my life - if they exist, they must be rare.
Of course, "if you have an intersection of non-priority roads and a car from each direction" then it's the same, but in practice it seems that 'they' make sure that such intersections are only in extremely low-traffic places where you'll very rarely see another car at the same time.
In Sweden as soon as you're in a residential area or out in the countryside, unmarked priority-to-the-right crossings are the norm. And if cars from all directions in a crossing arrive at once, you end up with an ambiguous 4-way stop situation.
In creating an autonomous car, successfully handling those rare edge cases are going to be the thing that differentiates success from failure. Roundabouts and Michigan left turns are rare in most places in the US, but an autonomous car would still have to be able to handle them.
In Europe you can have ambiguous situations with the priority to the right, where you are supposed to be courteous and wave the driver if both (or more) have the right of way.
But those 50 kms are, according to the article, 'main commuter arteries' which to me makes it seem that they selected a small set of roads not to make the driving circumstances easier but to be able to more easily monitor the cars that drive there and to be able to reproduce similar situations more easily, to test improvements to certain algorithms or hardware.
So basically they're testing under the 'worst' circumstances, making it likely that it will perform well on 'easy' routes as well. This approach makes sense - what good is it to clock 1000's of kms of test drives on straight roads with no traffic and in broad daylight?
It seems unlikely to me that the supported routes have train tracks, construction cones, bike lanes, etc. -- the kinds of difficult problems of urban driving that Google has put a lot of resources into solving.
Driving in Göteborg is by no means a piece of cake. Unlike most American cities, there are a lot of pedestrians and bicycles, plus trams, and by necessity they sometimes take priority over car traffic.
However, one major traffic simplification in Europe is that there is no such insanity as "go ahead and turn right even when the light is red -- and run over crossing pedestrians unless they back off."
Might be true that the supported route are favourable, Gothenburg however do operate streetcars/trams together with regular buses as public transportation. These tracks will be hard to avoid in the city.
This quote from a long New York Times article on Google is highly relevant:
"The self-driving algorithms do not work because there has been some breakthrough in artificial intelligence; they run on maps. Every road that Google’s robo-cars drive on was first surveyed by a human-driven pilot car outfitted with sensors accurate enough to measure the thickness of the painted lines in the middle of the road. Every detail of the road has been mapped beforehand. According to Peter Norvig, Google’s head of research, it’s a hard problem for computer vision and artificial intelligence to pick a traffic light out of a scene and determine if it is red, yellow or green. But it is trivially easy to recognize the color of a traffic light that you already know is there."
So Google self driving cars run in a virtual environment prebuilt for them by their street view cars being manually driven, with sensor input to fill in the realtime data variables (people, other cars, traffic light state). Brilliant!
I don't see "Google needs to pre-map the route" as a hurdle at all. Even if Google had never been in my area, I would not mind one bit having to do my daily commute manually for a week while the car builds more and more detailed maps of the route, if it saved me the hassle of the commute for months thereafter.
Plus, every time the automatic car goes over the road, it's presumably checking its prior maps and flagging any anomalies from its preset mission. It still needs to recognize a new stop sign, but if a stop sign disappears, it will stop anyway while waiting for an answer on "was it was taken out on purpose, or did some kids steal it?".
This is the basis of the SLAM algorithms (SLAM = simultaneous localization and mapping). As you say, if we all had these cars, we'd quickly know about changes. Of course, the hard problem is finding the new lights, but if this was to become mainstream I think a lot of things would change. For example, if a town decides to install a red light, they don't just install one, they register it in a national database.
If the car could map the route automatically, then it wouldn't need the pre-map in the first place. The problem is that creating the map routes currently requires expert human attention. Driving your daily commute manually for a week won't do any good.
Yes, it is clear that the Google system needs quite a lot of data about the roads it is driving on. But given those roads with a high amount of detail, the Google system can (from my understanding) support keying in an arbitrary destination.
I may be reading too much into this, but when I read "test route" in the article, it gave me the impression that the Volvo approach is sort of like a train without the tracks -- only able to follow a pre-programmed route from point A to point B.
No, they picked a test route to be decently representative and allow them to setup their tests correctly. It is not an A to B thing. role_v's comment is a pretty good explanation https://hackernews.hn/item?id=7698495
Our aim is for the car to be able to handle all possible traffic scenarios by itself, including leaving the traffic flow and finding a safe ‘harbour’ if the driver for any reason is unable to regain control,” explains Erik Coelingh, Technical Specialist at Volvo Car Group.
In addition to what other’s have said it stuck me as very important that Volvo is having customers, not employees drive these cars. I imagine they react very differently, and will be better at simulating what the real world is like.
lane following, speed adaption, and merging traffic all by themselves
Well, that's better than most human Volvo drivers can do, by my experience. Whenever I see a car make a bone-headed move in traffic, chances are it's a Volvo.
This is, incidentally, the reason why government-resistant anonymity services need to be legal. If you don't care about stealing credit card numbers or hurting people then you don't care about breaking into some poor sucker's router. But if you're blowing the whistle on some organizational malfeasance, you won't, so you need the likes of Tor.
I think that oversimplifies an important point. Criminals may not CARE about breaking into someone's computer or router, but that doesn't mean they're capable of doing so. Tor significantly lowers the bar for anonymity online, and there is no question in my mind that it enables criminals who wouldn't have the means to mask their identities otherwise.
This is not necessarily an argument against tools like Tor, but it's a tradeoff that I think many Tor supporters are too willing to ignore.
Criminals are humans. They will use and abuse whatever infrastructure any other person has access to for their own purposes, much like (you guessed it) any other person.
Your argument is about as lazy as it is old. The only possible solutions are to make all criminals go extinct (good luck), or to take away tons of important tools away from the public, because get this, criminals might use them! How terrible.
Nowhere did I advocate "taking away tons of important tools", in fact I specifically said my point wasn't necessarily an argument against Tor. But what I think is lazy is the way some people pretend that there are no tradeoffs involved in things like Tor and that they only benefit "the public".
> Criminals may not CARE about breaking into someone's computer or router, but that doesn't mean they're capable of doing so.
The problem with this line of reasoning is that it covers such a small number of people. The only people your argument covers are serious criminals who a) are too stupid to be able to download a simple tool to exploit routers with unpatched vulnerabilities from last year and yet b) are still competent enough to use Tor without doing anything that would reveal their identity.
And that also excludes the most serious criminals because the set of people who can break into the computers of large organizations to commit crimes is essentially a superset of the set of people who can break into an unpatched consumer-level router.
As a young web engineer who have had the pleasure of dealing with what seems like 30 different versions of RSS-feeds, which also appear to be evolving in random directions like living things, I can confirm this. (I've also messed around in C, and even Assembly at one point.)
1. Google may cache all images in all emails sent to gmail.com instantly and regardless of the existence of the address. This would remove the possibility for marketers to check user timestamp, remove user data from request and hide user email existence.
2. Google does _not_ need to save each image from each unique URL separately, all they need to do is fetch each image and check against an already existing (mega)array of images they've fetched. This greatly reduces storage needed, but doesn't do much for the bandwidth requirement, but they won't care about bandwidth in all their Googleness.
3. The single most important aspect of this change has been omitted in the article, and in your comment: This change completely eliminates the risk of CSRF attacks by spammers and the likes. CSRF attacks are still number 8 on OWASPs list of top 10 attacks.
I thought that 99% of the images included in emails for tracking purposes are single pixel transparent GIFs - so no biggie in working out which ones those are...
In the e-mail campaigns we send every image is a tracking image. It all just goes into our log files an is then post-processed, so the additional cost of processing every image is minimal compared to the rest of the cost of the send.
Using a separate tracking pixel is pointless unless you for some reason want to let some third party track the opens (which some people might, e.g. to prove certain open rates)
Topics include: What it's like to get properly hacked. Using password managers. Operating system security. Browser security. Encryption, firewalls, factors, and other means of protection.
Presented at JavaZone 2016, Oslo, Norway. Would love some feedback here in HN comments! Hope you learn something.
@JohansenMichael