Hacker News new | past | comments | ask | show | jobs | submit login

> You can demonstrate the problem without doing it where you put real lives in danger.

Indeed. And according to the article, they already did. The manufacturers ignored them.




Well, no, the manufacturers didn't ignore them. They responded with a patch, but the researchers didn't like their response.

Still doesn't matter though. There are a million shades between quiet disclosure and outright stupidity that would still make headlines.

1) They could have let the "test dummy" in on what was going to happen, so they could give feedback as to when it was safe to do so.

2) They could have ensured constant two-way communication.

3) They could have done it when nobody was on the road.


> They responded with a patch, but the researchers didn't like their response.

It was my understanding that the patch was released in response to the live highway test, not the prior tests in controlled environments.

> They could have let the "test dummy" in on what was going to happen, so they could give feedback as to when it was safe to do so.

The article makes it sound like they did.

> They could have ensured constant two-way communication.

Indeed they could've. I agree with you about the recklessness of this particular element of the test.

> They could have done it when nobody was on the road.

Perhaps, and I agree that maybe they should've coordinated with local authorities (if they didn't already). However, between "do the test with vehicles on the road" and "don't do the test at all", I'd certainly pick the former.

Not to mention that the urgency involved with other vehicles on the road factors into the effectiveness of the demonstration.


Regarding the patch timeline, the article makes it clear they had been working on the patch for months before this went public.

> Miller and Valasek have been sharing their research with Chrysler for nearly nine months, enabling the company to quietly release a patch ahead of the Black Hat conference.

With respect to letting the driver in on it, it's pretty clear they withheld most information:

> Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch

And with respect to this:

> However, between "do the test with vehicles on the road" and "don't do the test at all", I'd certainly pick the former.

Oh look, another false dilemma. Between those two, I'd pick neither, and do the test responsibly.


> With respect to letting the driver in on it, it's pretty clear they withheld most information:

The reporter knew there were going to be attacks in the first place. There was also plenty of reason to believe said attacks could severely impair safety.

> Oh look, another false dilemma.

It's a trilemma; the concept of "do the test 'responsibly'" was already implied, so I merely provided the other outcomes. There's "perfect execution of demonstration" and "no demonstration"; between that is a spectrum of perfection, on which this demonstration happens to lie somewhere near the lower-middle.

I don't disagree that the demo could've been done with more safety precautions, but the desire to do a "live" demonstration like this seems pretty reasonable, and even a demonstration lower on the perfection spectrum is preferable to the bottom end of "nothing at all".




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: