[SECURITY] [DSA 3317-1] lxc security update
Monthly Archives: July 2015
Bugtraq: [SECURITY] [DSA 3318-1] expat security update
Apple iTunes & AppStore – Filter Bypass & Persistent Invoice Vulnerability
Posted by Vulnerability Lab on Jul 27
Document Title:
===============
Apple iTunes & AppStore – Filter Bypass & Persistent Invoice Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1512
Apple Security ID: 623920272
Video: http://www.vulnerability-lab.com/get_content.php?id=1517
Vulnerability Magazine:…
Just how safe are connected cars?
Last week, Wired published an article, ‘Hackers remotely kill a Jeep on the highway – with me in it’, detailing the work of two well-known security researchers, Charlie Miller and Chris Valasek. In the words of the journalist, Andy Greenberg, he agreed to be their ‘digital crash-test dummy’.
The hackers managed to remotely control many important functions of the Jeep, including braking, transmission and accelerator. They also controlled the wipers, air-con and radio, but the threat is very different when someone can control the driving and safety features of the vehicle.
Miller and Valasek had already shown in 2013 that they could hack a car, at that time a Ford Escape and a Toyota Prius, but that demonstration was done from the back seat, and they needed to be physically wired into the car.
This latest demonstration of their skills shows that they can now control the vehicle remotely, which is of course a very different risk.
This story has many similarities to the recent stories about the ability to hack an aircraft and take control of it. Avionics experts were quick to point out that only in a few aircraft are the infotainment systems connected to the flight controls, and that in all cases the pilot has a manual override in the cockpit to take control and fly without relying on that technology.
Similar as the stories are, these are two very separate industries, and the automotive regulators appear to be in catch-up mode rather than setting definitive standards for the industry to follow before the technology is deployed in the field.
My other concern, raised by this and previous stories about car vulnerabilities, is how the fix is deployed. There is a software update available for the Jeep; it can be downloaded and loaded via a USB stick. While this sounds simple, updates of this importance should not be left to the consumer. If there were a manufacturing fault in the brakes of a car, the cars would be recalled and a trained mechanic would repair them. The dealer may load the software for you, but in my opinion, when a major vulnerability like this is found, the car companies should be required to do a full recall and take responsibility.
I wonder how many drivers of connected cars have the latest software loaded in their cars today? I suspect that many BMW drivers who were subject to the ‘unlock’ hack earlier this year are still driving around in a vulnerable car.
There is light on the horizon, as the US and UK government departments that set standards in this area are both reportedly writing new guidance. I am sure it will be published in the next few months, but of course implementation in manufacturing takes time, and the risk grows with every new ‘connected’ car that rolls off the production line.
Researchers Hack Air-Gapped Computer With Cell Phone
Gamers Steaming Over Dumb Valve Password Vuln
VUPEN Launches New 0-Day Firm Zerodium
Tech’s Not So Free Lunch
On the macro level, for example, and in the “plus” column, is the transparency practice of many leading tech firms, revealing the diversity of their workforces. And on a more micro level, the big security industry RSA Conference this year essentially banned “booth babes” by stressing strict dress attire for its exhibitors.
Bravo!
Now we come to a step back. According to a new Forbes report, the hottest lunch spot for many San Francisco male techies is, rather unbelievably, a strip club…
The lunch spot of the moment is apparently the Gold Club in San Francisco’s SoMa district, which is conveniently located within walking distance of top tech companies such as Yelp and Salesforce. (You can read the article about this here.)
Supposedly the attraction is a cheap lunch: for a $5 cover charge, you get a free lunch buffet and …enjoy dancers. (Ironically, Silicon Valley tech companies have long been the providers of free and subsidized lunches for employees –all to attract the best talent, keep them on campus and at their desks…)
Is the new lunch fad simply a good deal on a buffet? Innocent fun? A way to escape the drudgery of staring at a screen all day?
To me, it’s inappropriate and more troublesome than that. It’s one more manifestation of the techbro culture that permeates our industry.
Worse, it seems to have gotten the wink and nod from many tech firms. For example, according to the Forbes article, one well-known tech firm’s hiring managers would take prospective hires to the Gold Club—which was referred to by the secret code name of “Conference Room G.”
But I don’t want to make light of this. Regardless of your take on strip clubs (whether they objectify or empower women), for the tech industry, which has always been exclusionary (both of women and minorities), it’s simply one more example of the way it can be careless and tone-deaf.
Another take-away from this is that corporate culture doesn’t just come from the top. These techbros are influencing their workplace just as much as their managers are, arguably more so. Imagine being a woman or a gay male programmer and hearing guys in the break room talking about their great lunch… How excluded would you feel?
On another cautionary note, this sounds like a lawsuit waiting to happen, whether because an unsuspecting worker is taken to the club by colleagues and feels uncomfortable, or because of the guys’ talk about their fun in the workplace…
On that note, we were reminded just this past week of the most famous sex discrimination lawsuit to date in the tech industry: the case of Ellen Pao against Kleiner Perkins. In March, the widely reported case ended with Ms. Pao losing her lawsuit but tarnishing the reputation of her former employer, a gold-standard Silicon Valley VC firm.
Fast forward and Ms. Pao was recently forced out of her interim CEO position at the Internet community site Reddit. (The New York Times headline read: “It’s Silicon Valley 2, Ellen Pao 0: Fighter of Sexism is Out at Reddit.”)
Ms. Pao wrote an Op-Ed column about her ordeal at Reddit, which appeared this past weekend. In it she chronicled the work she and the company did to try to prevent and ban harassment on the Reddit site and the resulting “attempts to demean, shame and scare” her into silence that ultimately led to her resignation.
I couldn’t agree more with what Ms. Pao has noted: “It’s left to all of us to figure it out, to call out abuse when we see it.”
Sex discrimination and harassment, and the resulting lawsuits, have been happening in other industries for years. No, the tech industry didn’t invent sexism or the wheel. But as they say… we’ve driven the car into the ditch all the same. These are glaring examples of the distance we have to travel.
Pakistan Surveillance Situation Leads To BlackBerry Cull
Valve Steam bug sees accounts hacked
A serious bug in Valve’s Steam engine has allowed a series of user credentials to be stolen over the past week, according to reports.
The post Valve Steam bug sees accounts hacked appeared first on We Live Security.