In one thread people fighting the ever decreasing amount of hw ownership of most devices in our lives and when we have one that is more open, the crowds come to attack that too.
The threat model with tech has always been that if an attacker has physical access to the device and time then it's game over.
Because it's not open for modification by the general public? (emphasis general, not just technically minded people)
Manufacturers need to pick a lane - either fully open, and then people who need it can harden their own stuff (and at least be aware of the tradeoff), or fully closed and secure.
This in-between where cars are invasive privacy nightmares that spy on you at all driving hours, and are insecure nightmares that will give up that data to anyone remotely invested, is the worst case scenario, obviously.
they can set it up to be secure by default and allow bootloader unlock like most android phones. if there's some form of owner authentication before you unlock evil maid attacks are impossible. you also need the ability to do a clean system reset and lock it again as many times as you want (no e-fuse, sorry samsung knox) so it's safe to buy a used car even if the previous owner installed some spyware. all of that is tech that exists today.
How could the owner authenticate? With the car key?
How could you do a clean system reset after someone had access to all installed software/data including the cryptographic keys? The information is gone, maybe the recovery partition is changed. How could you securely recover?
Okay, what is fully open? Do you really think the head unit developer would hand you over a huge developer documentation about every bit in the software?
I'm a freelancer and helped to develop some head units. I have a surprise for you: This documentation mostly doesn't exist. Most of the time there are some chip datasheets and requirement documents, depending on the customer (car manufacturer) they are good or bad, and then there are some partly outdated wiki pages written down for some important special things. You learn all other stuff out of the code or from your colleagues.
Wait two years and most of the knowledge is gone, except for the things that are used for the next head unit.
The biggest advantage actual developers have is access to the NDA'd vendor docs and the official SDKs. And, the vendor docs are bad and the official SDKs are a mess. Internal documentation? You'd be lucky if it's two steps above "nonexistent". It's usually just one step.
I mean, yes. I would like to know that because it’s an unacceptable state of affairs from my perspective. If the production line relied on just always having someone working who remembered things instead of a proper solution to the Hit By a Bus problem I wouldn’t be buying that brand. It is my anecdata, uninformed opinion much of IT for cars is below average development. I started to wonder about this when I got a hold of two USB images to update a Chevy Camaro in 2010 (open driver’s side door between keys to indicate you were about to install the second USB key) and it feels weird to me this is still so poorly secured. Between the Hyundai/Kia theft issue a couple years back and my own experience with multiple long-standing bugs in our Hyundai’s infotainment system, I am suspicious of this ever being fixed.
Oh, don't get me wrong. I've never seen a better organized embedded development process than in automotive. Review rules, reproducible builds, sometimes good unit tests (not just senseless stupid shit that wastes developer time), a test department in another room that develops test software to automate hardware in the loop tests, huge hardware in the loop test rigs that are running the newest build 24/7.
IT in cars is anything but below average. It's not the move fast and break things shit of silicon valley. And it's not the 'we ship it with the next update' shit of the game industry.
BUT, there is no documentation because there is no time to do it. There is SOP-1 (Start of Production). This date is carved in stone. When a feature is not done for SOP-1, then it is not delivered in SOP-2. SOP-2 happens normally 6 months later. After that, updates are only done when something bad happens. The complete team moves on to the next head unit.
So, I would expect your bugs will not get fixed in any way, at least when they are not important enough to mobilize a new small team or some people that worked on it to fix them. Normally shortly before SOP-2, all tickets are closed, known bugs too. That feels a little frustrating as a customer, but more as a developer.
Oh, and don't think that you can run away from that by buying another brand. Normally it's not your car manufacturer that develops the head unit. It's other companies and they all work the same and they work for all car companies.
We can definitely see that on Windows with the recent BitLocker exploit. I wonder if any new cases will be solved, or people imprisoned because of hardware in storage that can now be unlocked.
It's definitely better to not keep data locally if it's going to be seized, because of varying laws that can coerce unlocking, but in the U.S., it should be safe to refuse to give up passwords.
On the technical side, Google and Apple have changed the game with numerous improvements to physical security and GrapheneOS takes it even further building on their foundation reducing attack surface and adding good features. Particularly with Auto reboot[1] becoming widely adopted, your conclusion can be modified on phones.
[2]:
>This (https://osservatorionessuno.org/blog/2026/05/demystifying-ph...) is an article by an Italian non-profit that provides an introductive technical overview to forensic phone unlocking exploit kits used by governments and law enforcement, most notably Cellebrite.
>This post provides an overview on how disk encryption works on Android, common attack vectors used by forensic tools to brute force or extract a device, their countermeasures against popular security features like automatic reboot in iOS and how you can protect yourself against such tools, including several mentions about GrapheneOS.
That doesn’t mean you don’t bother to secure the local device. I strongly suspect you have login security in your physical devices. Maybe even full disk encryption.
Just because a sufficiently advanced and determined attacker can own any device with physical access doesn’t mean we might as well make it easy for anyone.
Personally working at a bio farm and while it is more work than just spraying some chemical wholesale, I think it's not necessarily much harder than the past (not sure though). What I do know is that not being bio is much easier, that's all.
Yep but that's just always been the case: it's a world of difference between spraying the latest Monsanto v7 KillEmAll upgraded formula or supporting biodiversity such that for every major pest there is also something which eats it and gets rid of it.
People are criminally charged for stealing food to feed themselves. I'd argue that's more a sign of lost humanity than stealing something which has a non-negligible economic value.
Yep but the anti-socialism/communism world did wonders to make that feel like kryptonite whenever those words get brought up, even though anyone who is doesn't see themselves as "rich" in that sentence who fully agree. That's why even factory workers are anti-communism or anti-union which are literally the best way to fight back the imbalance of power.
You have to somehow separate the horrible evils that have been inflicted on the world by Communism before you can get people to consider words closely associated with it.
Being anti-communism is good not only for the individual's health but for their society as a whole.
The problem, generally, with this view point is that it attributes all of a society's ills to Communism and none of (or few of) society's ills to Capitalism.
For example, do you believe the Capitalist system has nothing to do with the eagerness of the United States to drop bombs throughout the world for the past 100 years? Personally I see these actions as unnecessary and evil but pushed to continue by the people who stand to gain the most wealth and influence from them.
The richest capitalist in the world unilaterally axed USAID at the behest of his cronies, and has directly resulted in the deaths of hundreds of thousands of children to date. Projections are 9-14 million overall deaths by starvation and disease by 2030. And that was just kicked off a few months ago.
Musk and Trump are doing a Holodomor in front of the world's eyes.
An innocent man was shot and killed this year in a foreign country. Unless you did everything in your power to stop that killing, you are equally to blame for his murder.
What specific horrible evils do you mean? And how do you attribute them to, specifically, organizing an economy along communistic lines?
I ask because if we can take a country with a communist economy, or striving for one, and blame all its evils on communism itself, I have a few things I'd like to point out as being the horrors of capitalism:
1. Atlantic slave trade - millions dead (many on the ships), millions enslaved
2. Settler colonialism and indigenous genocide - British empire, all over the world
3. Congo Free State, Leopold II - 1 to 5 million dead via colonial extraction regime
4. British India famines - 3 million dead
5. Irish Famine - 1 million dead
6. Opium wars - directly caused by British using the military to defend market access. 100k dead, devastating to Qing China for a century
7. Indonesian anti-communist massacres - 500k-1mil alleged "communists" killed after the USA, UK, and Australian intelligence agencies propagandized against them
The 1956 student massacres in Hungary, where my grandma was almost killed. The Holodomor, the various "Russianization" campaigns, the Jewish Autonomous Oblast, The Great Leap Forward, etc.
I'm not particularly interested in comparing more or less bad at that scale, especially because then we need to start asking really gross questions like "is the great leap forward more worse than the Atlantic slave trade because it killed more people, or less worse because it only killed more people because the population of the affected nation was far larger?" which leads to bizarre and strange considerations like whether the life (and death) of a single Chinese peasant is worth more or less than that of a West African enslaved person.
It's enough for me to say, "that was bad and shouldn't be done again." I would resist anyone trying to do that again.
This is important and rarely discussed. I'd add that there's a larger pattern tying these cases together, one that also speaks to some of the Encyclical's broader points: whether it's the Politburo of the USSR, the Court of Directors of the East India Company, or the Board of the United Fruit Company, historical atrocities in any age, society, or economic system almost always occur in the context of enormous power concentrated in few hands. It isn't capitalism or communism but the absence of accountability.
Copying and pasting my reply elsewhere in the thread that summarizes my thoughts here as well:
I don't have the mental power at this moment to write out my full thoughts on the subject so forgive my vague thoughts (an aside- withdrawing from SSRIs is an _unpleasant experience_)
I think the problem I find with arguments that Capitalism is the best/least bad system tend to be that they start from a false premise, in my opinion. I have a friend who makes the joke all the time that any system of government works if people were just nice to each other, but he has a point. I often hear that "oh, communism doesn't work because humans are inherently selfish." That's true, if you believe that humans are inherently selfish, but my counter-point to that is asking how much of it is innate vs. how much of it is trained by our culture and reflects back in those communist attempts because the sudden change in social architecture didn't give enough time to 'train it out of' the culture.
Back to the thing my friend says - if you believe that communism doesn't work because humans are inherently selfish/greedy/etc, I'd say to you also that capitalism is currently not working _because humans are being selfish and greedy_ in a system _that explicitly rewards that_. Which, maybe is worse.
I don't pretend I have an answer for how we can get from point A (capitalist system) to point B (future space communism) in a way that slowly shifts human thinking towards mutual aid and collective action, but I think it's short-sighted to assume that the way humans act in a system that rewards greed/selfishness is innate.
I believe capitalism is the least-bad system we've created so far. Perhaps there is a better one, but as I said elsewhere the failed experiment of communism isn't one we should keep attempting--the cost in human lives is far too high.
But, to your other point, I think human greed is innate. I can't think of evidence that would suggest that greed is somehow cultural or learned. Boil the system down to the lowest common denominator, you find greed. Scale it up: greed. No matter what you do, you cannot remove human greed systematically.
> But, to your other point, I think human greed is innate. I can't think of evidence that would suggest that greed is somehow cultural or learned. Boil the system down to the lowest common denominator, you find greed. Scale it up: greed. No matter what you do, you cannot remove human greed systematically.
Historic evidence doesn't support this. It supports the idea that greedy people exist and sometimes succeed at accumulating power, and we often hear more about those people because systems are built to sustain and tell the legends of these people. It seems most people would rather be chill with each other, and the tendency to not rock the boat means the greedy people can grab more and more before people realize it's too late and the systems have been constructed to support these greedy people, and then people just try to get on with their lives best as they can, despite they themselves not being so greedy.
Humans though aren't inherently greedy, we're inherently communal and social. Our key evolutionary advantage is sociability - so much so that we're the only living thing on earth that has complex language. We need to say more than "lion nearby" to thrive. Greed doesn't work well in social contexts, lots of anthropological studies show that in societies across history and across the world, there's a near universal appreciation of generosity, selflessness, and self sacrifice, and a near universal distaste for selfishness, greed, and resource hoarding.
B) Fine, drop communism altogether -- it's evil and disgusting and bit my finger and should never be tried again. Can we work on a society where the means of production are owned by groups of laborers?
Re: B my guess is probably not (human nature and all that), but I'm open to ideas! I just think failed experiments where tens of millions died are probably not ones where we just flippantly "try again".
A lot of the world is a free-market and laborers can absolutely own the means of production. Is there some government regulation in particular that you think is preventing this?
The "imbalance of power" can only be "fought" by eliminating the concentrations of power. This is not a capitalist vs communist thing, it is, at least, a human thing, as humans need hierarchy, and power ends up being held by the few. The Romans, the Ottomans, the Persians, the Qing, and many, many other empires all have had the same "issues". I am sure this "problem" goes back to antiquity.
I think we should not use the word "communism". It is imbued with a lot of different values depending on who you ask, and is therefore utterly useless.
Marx and Engels had originally envisioned a liberal democratic society with lots of high ideals but they had allowed the transition to it to be tough. Every self-proclaimed "Communist" state never got through that transition: the people in charge never let it (often never intended to) and instead cemented their authoritarian dictatorships. So let's call those what they were.
I get where you are coming from but this is the common "reduction to politics" that anyone who doesn't want to address a problem uses: think of any societal or human problem and you can have your comment with different nouns.
Sure, IF we could just go and fix our governments in some magical way then the problem would disappear. That goes from hunger, climate change, videogame addiction and AI. The problem is that what you value in life is different than what others do, so we now have a system in which sometimes you get what you want and sometimes you don't.
But back to the topic, I do think that how OpenAI and Anthropic handled the government and them asking to drop guardrails is something a company can actually and actively do without having to reinvent the universe.
> Anthropic offers a formal copyright indemnification policy for its enterprise customers using the Claude API. The policy protects businesses from copyright infringement claims arising from authorized use of Claude or its generated outputs