Smarter Connected Car

In a couple of interesting briefings last week, BlackBerry announced that its turnaround was finished, and Microsoft finally provided some information on its new connected car deliverables.

One strange thing was that after CEO John Chen excitedly pointed out that BlackBerry had displaced Microsoft in Ford, he then announced a strategic initiative to work more closely with Microsoft’s Azure platform on BlackBerry’s own market-leading QNX car operating system. That showcased not only the massive changes in both companies, but also the really strange way this market is evolving.

I’ll close with my product of the week: a very low-cost wearable smartphone display that could get you through your next dentist appointment or boring sermon.

 

BlackBerry’s QNX

With all the focus on the coming autonomous car and on BlackBerry’s old phone business, most don’t know that QNX, the operating system that BlackBerry acquired, is dominant in the car market, largely for car operations. To give you an idea, it currently is in 60M — yes, that’s million — cars. It is ranked No. 1 in telematics and automotive software entertainment, and its main advantage is that it just works and continues to meet all of the car companies’ start of product deadlines.

Chances are that if you like the software running the different parts of your car, it is QNX. The car companies like it because it is very secure, their own software developers know it (it’s been dominant for a number of years), and it works on both 32- and 64-bit hardware platforms from folks like Intel, Qualcomm and Nvidia.

As you’d expect from any modern system, it is set up for over-the-air updates, similar to Tesla. In effect, QNX has become the equivalent of Android or Windows, but for the car — and it dominates the segment.

BlackBerry introduced the Karma folks at the briefing to talk about their most advanced offerings. Karma is what became of Fisker — the firm that tried, with somesignificant drama, to compete with Tesla. (Karma also showcased why Tesla’s decision to use Panasonic batteries turned out to be brilliant.)

Karma’s current car is physically identical to the Fisker Karma, with the exception that all of the electronics have been revamped completely, so it now is reliable. (I was an old Jaguar mechanic, and given the issues the Fisker had with its electronics, I’ve always wondered if they were done by Lucas electrics, which were almost always at the heart of Jaguar reliability issues in the 1960s and 70s.)

However, I spoke to the Karma executives at the event, and their point was that it took them only 15 days to bring up the software on their redeveloped car. (By the way, the new Karma is about US$140K, and it is still a looker.)

BlackBerry currently is pivoting to support the next generation of technology, which includes autonomous vehicles.

Now you’d think that Microsoft and BlackBerry would be at each other’s throats. While BlackBerry has pivoted away from focusing exclusively on secure phones and email, Microsoft has pivoted away from its focus on tools and operating systems.

 

Microsoft: It’s About Azure

Microsoft has changed a lot over the last several years, since Satya Nadella has been running the firm. I really didn’t get that initially, so the company had to set up a special retraining meeting. I had covered Microsoft for so long that my brain apparently was hard coded to think of it in just one way — and it isn’t that company any more.

Microsoft’s big push with automotive is with Azure now, which is a good thing, because its in-car efforts over the last two decades weren’t that great.

I actually had an AutoPC for a number of years. It was very advanced for its time, but truly flawed — so much so that my wife still threatens to throw something at me — and in those early years it was the AutoPC — if I ever suggest something like that again.

To be fair, that product was crippled by an underperforming processor — but I have to say, there is no misery like having a GPS system that can’t navigate at anything exceeding 25 miles per hour. Of course, I put the AutoPC in her new car, not my own, which in hindsight likely wasn’t that wise. (Yes, I’m also often surprised I’m still married.)

Tube Test in Hyperloop Pod Competition

Elon Musk’s hyperloop dream began to take shape in reality last weekend as 27 teams, including six from outside the United States, participated in a competition to create the mass transit vehicle of the future.

The competition in Hawthorne, California, sponsored by SpaceX, which Musk founded, attracted teams made up mostly of students who created pods designed to run on hyperloop transportation systems.

In a hyperloop system, the vehicles, or pods, travel in a vacuum in tubes at speeds close to the speed of sound. To do that, the pods have to be suspended slightly off the ground, typically by riding on a magnetic field.

For its competition, SpaceX built a test chamber that was three-quarters of a mile long and six feet wide. The company capped the speed at which a pod could go at around 50 miles per hour.

In order to get to test its pod in the vacuum chamber, a team had to pass a rigorous 101-point review. Only three teams could do that: Delft University of Technology of The Netherlands; Technical University of Munich, Germany; and the Massachusetts Institute of Technology.

 

Kind of a Drag

Operating in a vacuum is important to hyperloop systems because it reduces friction. “Hyperloop is all about friction,” said Adonios Karpetis, a faculty advisor to the Texas A&M aerospace team, which competed at the event.

“You have to minimize the air friction in the tube,” he told TechNewsWorld.

By creating a vacuum or near-vacuum in the tube, the drag of the vehicle is nearly eliminated, which allows it to reach tremendous speeds, as high as 700 miles per hour. By contrast, a Boeing 747 has a cruising speed of 570 miles per hour.

“It’s like operating a ground-based vehicle at an altitude of 100,000 feet where the air is very thin,” said Rick Williams, an advisor to Auburn University’s hyperloop team.

A hyperloop vehicle has an advantage over an aircraft, though.

“Once the vehicle reaches its cruising speed, it will coast for a long ways because of the minimal drag,” Williams told TechNewsWorld.

“From an energy standpoint, it’s going to be significantly lower,” he said.

Police Cams Days Before Inauguration

A ransomware attack darkened the video surveillance system of the District of Columbia’s police department eight days before the presidential inauguration of Donald J. Trump.

Video storage devices for 70 percent of the CCTV system were unable to record anything between Jan. 12 and Jan. 15, as police techies scrambled to combat malicious software found on 123 of 187 networked video recorders, The Washington Post reported Friday.

However, the safety of the public was never in jeopardy during the camera blackout, Brian Ebert, a Secret Service official, told the Post.

Although the city has characterized the malicious software it found as ransomware, no ransom demand appears to have been made. The city resolved the problem by taking the storage devices offline, removing all their software and then restarting them.

The city is investigating who might be behind the hack, which affected only CCTV cameras monitoring public areas and did not reach deeper into the city’s networks, the Post reported.

 

Blind Deterrent

Closed circuit cameras can be important for collecting evidence about a crime. Fortunately for the D.C. police, that wasn’t an issue while some of its network was disabled.

“If a crime had been committed in an area and its compromised camera held important evidence, then they might have found themselves in trouble,” said Bob Hansmann, director of security analysis and strategyForcepoint.

“In this case, they were lucky and nothing crucial happened,” he told TechNewsWorld.

In addition, cameras have a deterrent effect whether they’re working or not.

“In this instance, it was beneficial that the general public did not know about the attack when it happened,” noted James Scott, a senior fellow with the Institute for Critical Infrastructure Technology.

“So long as the attack was not common knowledge, the camera itself acted as a deterrent to crime, because potential offenders were not aware that it was infected with ransomware,” he told TechNewsWorld.

 

Attractive Target

Other municipal infrastructures have been targeted in similar ways in the past. A ransomware attack last fall took down the ticket machines for San Francisco’s light rail system for about a day.

“We’re going to see more and more of these kinds of attacks this year,” said Stephen Gates, chief research intelligence analyst with Nsfocus.

“This is a perfect example of hackers taking advantage of these municipal systems. They can cause all sorts of havoc,” he told TechNewsWorld.

“We’re seeing more and more ransomware attacks against the IoT, which is a disturbing trend,” said Jean-Philippe Taggart, a senior security researcher with Malwarebytes.

“CCTVs, hotel locks, libraries, hospitals — the criminals have a wealth of potential targets to choose from,” he told TechNewsWorld.

 

Feasting on IoT

Ransomware extortionists are feasting on the Internet of Things, maintained Simon Crosby, CTO of Bromium.

To prevent these attacks, devices need to be shielded so they’re not exposed on the Internet where hackers can find them, he said.

“Right now, attackers are having a field day finding exploitable systems that infrastructure operators either do not recognize are Internet-facing or think their exposure is too obscure for criminals to find, which is a very dangerous assumption,” Crosby told TechNewsWorld.

In addition to being discovered easily by hackers, networks of IoT devices have another problem: diversity.

“Fleets of PCs can be protected with uniform defenses, but what do you install on rail kiosks, video cameras, cars or televisions?” Crosby asked.

High Powered AI Partnership

The group plans to announce additional details sometime after the board’s Feb. 3 meeting in San Francisco, including how other organizations and individuals can join. It also will address initial research programs and activities.

The board will oversee general activities of the Partnership on AI, and an executive steering committee will commission and evaluate activities within the overall objectives and scope set up by the board of trustees. The board will appoint an executive director, who will oversee day-to-day operations.

The Partnership on AI, announced last fall, aims to advance public understanding of artificial intelligence and formulate best practices. It plans to conduct publish research under an open license on areas such as ethics, privacy, fairness, inclusivity, transparency and privacy.

 

Closely Held

The announcement of Apple’s participation is particularly significant in light of the company’s well-earned reputation for organizational secrecy. There recently have been signs of blowback against that corporate culture, both inside and outside of the organization.

Apple last fall hired Carnegie Mellon’s Russ Salakhutdinov as its first director of AI research, and he soon announced a policy change that would allow the company’s AI researchers to begin publishing the results of their work, a practice that previously had been out of bounds for Apple employees.

As for why Apple decided to join the partnership now, “Apple does things if and when it wants to, on its own timeline,” observed Charles King, principal analyst at Pund-IT.

“The company may also have wanted to see how the group’s members were organizing themselves, whether they were serious, and how sustainable the effort appeared” before it took that step, he told TechNewsWorld.

 

Common Interests

Tom Gruber and others at Apple have been working behind the scenes, “communicating and collaborating” with members of the board since before it launched last fall, said company rep Jenny Murphy.

“Apple provided input into the organization’s [memorandum of understanding] and the organization’s tenets,” she told TechNewsWorld. “Apple wasn’t able to formalize its membership in time for the September announcement, but is thrilled now to be officially joining PAI as a founding member.”

It makes sense that Apple would join, as the partnership is about communicating AI to consumers and policymakers, noted Paul Teich, principal analyst at Tirias Research.

Efforts to Silence Trolls

Twitter on Tuesday announced yet another crackdown on abusers.

With the goal of making Twitter a safer place, it has come up with new ways to

  • Prevent the creation of new abusive accounts;
  • Make search safer; and
  • Collapse potentially abusive or low-quality tweets.

Twitter also pledged to persist in its anti-abuse endeavors, saying it would keep rolling out product changes, some more visible than others, and updating users on its progress every step of the way.

Twitter “is more vulnerable than other social media because people expect it to be their link to the world, and not just their friends,” noted Jim McGregor, a principal analyst at Tirias Research.

“People use it for news and for access to quick gossip,” he told TechNewsWorld, adding that its open-ended structure makes it an easier target for abuse.

 

Latest Offensive

Twitter will identify account owners it has suspended permanently and block them from creating new accounts.

That might be a reaction to the creation of multiple fake accounts last fall, after Twitter had suspended several accounts linked to the alt-right movement, which is known for advocating white supremacy and other extreme views.

Those suspensions came amid mounting criticism of the company’s failure to expunge harassing, racist, sexist and anti-Semitic tweets from its network.

Safe search involves filtering tweets that contain potentially sensitive content, as well as tweets from blocked and muted accounts, from search results. However, users would have other ways to search for and access those tweets.

Under the new system, potentially abusive and low-quality replies will be collapsed, although they will be available if users want to seek them out. This change will roll out in the coming weeks, Twitter said.

 

Protection or Cybergagging?

“Ultimately, determining what constitutes cyberharassent or any kind of inappropriate behavior on Twitter is a subjective undertaking,” said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

“As soon as you introduce subjectivity into regulating Twitter, it loses its appeal,” he told TechNewsWorld. “One person’s freedom of speech is another person’s microaggression. Twitter’s best bet is to say, ‘Abandon all hope ye who enter here.'”

Getting around the problem of subjective judgment will be difficult, McGregor suggested. “How do you decide what’s appropriate or abusive, and what’s not? You need to have a context for the conversation and the relationship.”

Friends would couch statements in terms that might be considered inappropriate when relayed to a stranger, he pointed out. “For example, I could tweet the word ‘s**t’ to a friend in response to something he’d said or a news item we were discussing, and it would be all right.”

Using artificial intelligence to filter out potentially offending tweets isn’t going to resolve the issue, because “AI systems have to learn like humans do, and no AI solution will really work unless you have a finite number of inputs,” McGregor pointed out.

 

Twitter’s Battle Against the Trolls

Twitter in 2014 suspended several accounts for violating its rules after actor Robin Williams’ daughter Zelda publicly quit the site due to hateful tweets about her father’s tragic suicide. She later reactivated her account

Another victim, Imani Gandy, had been harassed since 2012 by someone with the handle “Assholster,” who created up to 10 different Twitter accounts a day to hurl racist invectives at her.

Container Security Platform

Windows protection tends to focus on “find the bad executable,” which makes sense in that environment because bad executables are ubiquitous in an attack, noted Capsule8’s Viega.

However, that approach doesn’t work well in a Linux environment, so Capsule8 focuses on detecting and protecting against system compromise, he told LinuxInsider.

The other typical approach in Linux is a network appliance, Viega said. However, there is not much context on the network, particularly as end-to-end encryption starts to become ubiquitous in the enterprise, so this approach doesn’t find much and leads to many spurious alerts.

“The result is that most Linux compromises either go undetected or are a surprise — companies find their data on a forum at a later date and they find they had no clue they were attacked,” he explained.

Among the most noteworthy incidents, the company cited the massive breach at Yahoo, which went undetected for years until the stolen data showed up on the Web.

While Linux-based systems present many of the same security problems as Windows-based systems, the biggest difference in attacks can be found around malware, according to Mark Nunnikhoven, vice president of cloud research at Trend Micro.

“While we do regularly see malware targeting Linux systems, it’s a more common occurrence that the malware implanted on Linux systems is there to be distributed to Windows clients connecting to that Linux system,” he told LinuxInsider.

On the defensive front, there’s a stark contrast in the amount of effort required to support the rapidly changing software on Linux platforms, Nunnikhoven pointed out.

“Given the nature of Linux and GNU, release cycles are a bit more erratic, and there’s a lot more variation that requires a mature and robust response by security providers,” he said.

 

Customer Base

Capsule8 already has signed up customers for its prerelease product, including SourceClear and Namely.

Capsule8 is the first product that supplements SourceClear’s predeployment detection with runtime threat protection for Linux systems, CEO Mark Curphey said.

There are three core principles that should guide decision making when adopting new technology, suggested Daniel Leslie, director of cybersecurity and technology at Namely. They are scalability, maintainability and security.

Protecting infrastructure at scale without sacrificing stability or performance is essential, he said.

New Virtual Reality Frontier

Regular readers will know that I’ve played games my entire life. I hold deep reverence for the care and attention that go into creating these experiences, and I’ve rarely met a game I didn’t want to conquer.

Yet I am nervous about virtual reality. I’ve tried it and found those disorientating worlds difficult to handle, though I suspect that over time I could grow more accustomed to it. I doubt I could say the same for an arcade machine that both locks me into a VR world and pelts me with physical stimuli.

Koei Tecmo Wave’s VR Sense machine is a virtual reality arcade cabinet that houses you and subjects you to what I can only imagine is sheer torture. It has what Koei Tecmo Wave calls a “3D seat,” which attempts to draw players further into the games through touch, movement, aroma, wind, and temperature and precipitation changes. It’s not completely clear as yet whether you have to wear a headset for the full VR effect.

It’s launching with three games: a horse-riding simulator, a version of Koei Tecno Wave’s Dynasty Warrior franchise (with a stab at replicating in-game flames while you swelter in your moving chair), and a horror game.

I enjoy horror titles. However, I’d be less likely to welcome a VR horror game, as I’d probably come close to having a heart attack or three. There’s next to no chance I’d ever try Horror Sense.

That’s in large part due to the game apparently mimicking bugs falling from the ceiling and critters scuttling along the floor. I have a lot of questions about this, but ultimately, I’d tear off a VR headset in a second if I thought there were bugs falling on me while playing. No thank you, ma’am.

Apps Vulnerable to WiFi Snooping

Strafach categorized another 24 iOS apps as “medium risk.” Potentially intercepted information included service login credentials and session authentication tokens for users logged onto the network.

Strafach labeled the remaining apps “high risk” because potentially intercepted information included the snatching of financial or medical services login credentials.

He did not identify the medium and high risk apps by name, in order to give their makers time to patch the vulnerability in their apps.

How concerned should users be about their security when using these apps?

“I tried to leave out anything regarding concern level, as I do not want to freak people out too much,” Strafach told TechNewsWorld.

“While this is indeed a big concern in my opinion, it can be mostly mitigated by turning off WiFi and using a cellular connection to perform sensitive actions — such as checking bank balances — while in public,” he said.

 

Man in the Middle Attack

If anything, Strafach is understating the problem, maintained Dave Jevans, vice president for mobile security products at Proofpoint.

“We’ve analyzed millions of apps and found this is a widespread problem,” he told TechNewsWorld, “and it’s not just iOS. It’s Android, too.”

Still, it likely is not yet a cause for great alarm, according to Seth Hardy, director of security research at Appthority.

“It’s something to be concerned about, but we’ve never seen it actively exploited in the wild,” he told TechNewsWorld.

What the vulnerability does is enable a classic man-in-the-middle attack. Data from the target phone is intercepted before it reaches its destination. It is then decrypted, stored, re-encrypted and then sent to its destination — all without the user’s knowledge.

To do that, an app needs to be fooled into thinking it’s communicating with a destination and not an evesdropper.

“In order for a man-in-the-middle attack to be successful, the attacker needs a digital certificate that’s either trusted by the application, or the application is not properly vetting the trust relationship,” explained Slawek Ligier, vice president of engineering for security at Barracuda Networks.

“In this case, it appears that developers are developing applications in a way that allows any certificate to be accepted,” he told TechNewsWorld. “If the certificate is issued and not expired, they’re accepting it. They’re not checking if it’s been revoked or even if it’s properly signed.”

 

Developer’s Problem

Should Apple act to weed these vulnerable apps from behind its walled garden?

“Apple should most certainly remove any of the offending apps from the App Store,” said Sam McLane, head of security engineering at Arctic Wolf.

“This is something that is relatively easy to test for and should be enforced by Apple, since the trust model starts with the Apple ecosystem being safe for people to use,” he told TechNewsWorld.

Strafach disagreed. “The setup now is exactly as it should be with regards to developer control of networking code,” he said. “Developers can do something about this problem. For affected apps, the fix is only a few lines — less than an hour tops, if that, to fix the matter in affected code.”

Some early reviewers of the Samsung Chromebook

The Chromebook Pro will sell for US$550.

Some reviewers, including PC Magazine‘s Victoria Song and Ars Technica‘s Valentina Palladino, considered it pricey.

However, that pricing fits into the normal laptop budget, noted Wired reviewer David Pierce .

“I don’t want to spend $1,000-plus on a PC or Mac when I could get something like the Samsung Chromebook Pro for $549,” Forbes‘ Shelby Carpenter remarked.

“Access to the Google Play store and the Android apps ecosystem, combined with the freemium productivity suites such as Slack, make [Chromebooks] a viable option for remote workers,” Gartner’s Goertz told TechNewsWorld, “and Samsung’s carefully selected price points are justified vis-a-vis the slightly less expensive competition.”

Design and Battery Life

The rounded edges and exposed hinge give the Chromebook Pro “a decidedly utilitarian look,” Wired‘s Pierce noted, which is “just fine.”

Though the Pro is light and small, its squarish shape is “a little awkward when typing,” according to PC Magazine‘s Song.

Its design struck Ars Technica‘s Palladino as “solid.”

“I got my hands on the device at CES, and i was impressed with how thin and light it was while not feeling like a typical flimsy plastic Chromebook,” noted Eric Smith, a senior analyst at Strategy Analytics.

The Chromebook Pro’s battery life is “only beat by the much more expensive Chromebook Pixel 2 and the Dell Chromebook 13,” said Ars reviewer Palladino.

However, it “pales in comparison to what we saw” from various Asus Chromebook models, said PC Magazine‘s Song, who noted that results of two tests varied substantially.

 

The Quad HD Screen

The Chromebook Pro’s 2400 x 1600 Quad HD LED display “is virtually indistinguishable from my Mac screen,” Forbes‘ Carpenter said.

The display “makes the entire device taller than most 16:9 laptops and two-in-ones,” observed Palladino.

That allows a larger palm rest and more space for the user’s hands, but a huge bottom bezel and a hardware strip for the hinges to attach to the lid leave “a bunch of empty space,” he pointed out.

The display offers a much higher resolution than typically found in 11- or 13-inch Chromebooks, Song said, but the 3:2 aspect ratio means it’s more square-shaped. That leaves little room on either side of the keyboard, making the typing experience somewhat awkward.

 

The Stylus and Android Apps

Although the included stylus drew generally favorable remarks, “the quality of the inking wasn’t as impressive as Windows or iOS devices at similar price points,” Strategy Analytics’ Smith told TechNewsWorld.

Reviewers liked the Chromebook Pro’s access to the huge number of Android apps in the Google Play store.

However, some Android apps don’t play well with Chrome, they noted.

“Some apps don’t recognize the keyboard and trackpad; others seem unable to handle a touchscreen,” Wired‘s Pierce pointed out.

“Most crash constantly,” and switching between apps can be clumsy, said Song.

Drone Fight Simulator Available on GitHub

Microsoft has introduced an open source virtual reality toolkit for the training of autonomous drones. Part of Microsoft’s Aerial Informatics and Robotics Platform, the beta software became available on GitHub last week.

The toolkit is designed to allow developers to “teach” drones how to navigate the real world by recreating conditions such as shadows, reflections and even objects that might confuse a device’s on-board sensors.

The software allows researchers to write code for aerial robots such as drones, as well as other gadgets, and to test the devices in a highly realistic simulator. Users can collect data while testing devices before deploying them in real world scenarios or situations.

“The aspirational goal is really to build systems that can operate in the real world,” said Ashish Kapoor, the Microsoft researcher who is leading the project.

The hope is that these training tools could spur development of artificial intelligence-based gadgets that eventually could be trusted to drive cars, deliver packages, and even handle rudimentary chores in the home, added Kapoor.

 

Advanced VR

Testing in a VR environment could mean lower costs as well.

Simulators long have been used in testing scenarios, but until recently the software-based simulations lacked the accuracy of the real world and thus didn’t reflect real-world complexities. Microsoft’s system — which is based on emerging VR technologies that take advantage of advances in graphics hardware, computing power and algorithms — enables a much more realistic re-creation of a real-world environment.

Based on the latest photorealistic technologies, it can render shadows, reflections and other subtle things much better. Although humans take such things for granted, they can pose problems for computerized sensors.

Microsoft’s simulator “will help researchers to develop, debug and test their drone navigation software by enabling them to recreate a variety of operational scenarios on their desktop computers in the lab,” said Michael Braasch, professor of electrical engineering and computer science at Ohio University’s Avionics Engineering Center.

“Simulations help to reduce development costs by reducing the amount of actual flight testing required, but the catch is that the simulation must be high fidelity — that is, sufficiently realistic,” he told LinuxInsider.

“Microsoft’s simulator appears to meet this requirement for camera-based or vision sensors, but it is not yet clear if the simulator accurately depicts very small-scale obstacles such as the thin twigs at the end of tree branches,” Braasch added. “Such obstacles are nearly invisible — even with HD cameras and even at close distances. It is also unclear if Microsoft’s simulator supports non-camera-based sensors such as LIDAR and radar.”

 

Learning to Fly

Although it targets the development of autonomous drones, Microsoft’s technology could find applications with human operators as well. Consumer drones have been steady sellers in the past few years, but newbies likely experience a crash or two. Learning to fly in a simulator could solve some of the problems with learning to fly.

“First, it isn’t easy to fly a drone,” said Michael Blades, senior industry analyst at Frost & Sullivan.