|
|
Subscribe / Log in / New account

Tailpipe emmission standards

Tailpipe emmission standards

Posted Dec 3, 2013 17:17 UTC (Tue) by mathstuf (subscriber, #69389)
In reply to: Tailpipe emmission standards by rriggs
Parent article: Geer: Trends in cyber security

I'm sure there would be exemptions (similar to how vehicles older than 1993(? early 90's at least; my '89 was exempt) just don't get emission stamps. The earliest you could probably push back is Vista and anything older is "insecure, but can't mandate anything since it's just too old". This would probably actually result in companies sticking with legacy systems even longer to avoid the forced upgrade train once they use newer software.

to post comments

Tailpipe emmission standards

Posted Dec 3, 2013 17:33 UTC (Tue) by dlang (guest, #313) [Link] (5 responses)

one problem with requirements like this is that they can end up preventing progress by locking in existing solutions to problems and preventing new things from being tried.

If you have to prove that your OS is secure before connecting to the Internet, you cannot develop a new OS, especially as a hobbiest.

The vehicle emissions example is one that is a really good example of how things can go wrong. I live in California, which has the strictest emissions rules around, and there are cars that produce less pollution than cars sold in California that are not allowed to be sold here because they aren't "equipped properly", the manufacturers came up with different solutions to the problems than what the state regulators did.

you really don't want this sort of checklist auditing to be able to control everyone's computers.

Tailpipe emmission standards

Posted Dec 5, 2013 11:54 UTC (Thu) by nye (subscriber, #51576) [Link] (4 responses)

>The vehicle emissions example is one that is a really good example of how things can go wrong. I live in California, which has the strictest emissions rules around, and there are cars that produce less pollution than cars sold in California that are not allowed to be sold here because they aren't "equipped properly", the manufacturers came up with different solutions to the problems than what the state regulators did.

Not that this changes your point, but I'm just wondering: do you mean that the regulations specify a particular technology, rather than actually measuring emissions? Or do you mean that they measure a particular set of substances and the cars in question fail on one particular part of the test despite being better overall?

Tailpipe emmission standards

Posted Dec 5, 2013 15:20 UTC (Thu) by raven667 (subscriber, #5198) [Link] (3 responses)

The US standards from the early '90s started requiring particular technologies, to cut down on gasses that the high temp, high compression, lean burning, 50 mpg cars of that era were making, which is inflexible as engineers found several ways to solve these problems that they weren't allowed to use. One big thing is to put more gas in the engine at startup so that comes out in the exhaust and burns in the catalytic converter to warm it up, which is terrible for fuel economy. Thats how we ended up going from Geo Metros to GMC Suburbans.

Tailpipe emmission standards

Posted Dec 5, 2013 16:53 UTC (Thu) by mathstuf (subscriber, #69389) [Link] (2 responses)

> started requiring particular technologies

And that, IMNSHO, is the (main) problem: legislating solutions rather than results :( .

Tailpipe emmission standards

Posted Dec 5, 2013 20:33 UTC (Thu) by dlang (guest, #313) [Link] (1 responses)

> And that, IMNSHO, is the (main) problem: legislating solutions rather than results :( .

and what makes you think that lawyers and politicians are going to do any better of a job legislating how computers should be secured than how to build cars?

that's the real problem with calls to require that only 'qualified' or 'good' people connect to the Internet.

Tailpipe emmission standards

Posted Dec 5, 2013 22:16 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

Iā€¦agree? Legislating "how" (the solution) is usually a bad path. What you want is to expect results from things while also keeping an eye on the methods to make sure that the best reason for that path is better than "the ends justify the means". I think I would impose HIGH fines (proportional to company size and amount of data) for security leaks by companies. Ramp them up if the company isn't disclosing breaches in reasonable timeframes[1]. The problem is that fines are too low for companies to justify security because it's not *their* data and PR is such an ephemeral thing for those too big to fail.

[1]Apparently JP Morgan lost ~465,000 (pre-paid) CC numbers in July and it's only public[2] now because they couldn't "rule out the possibility that some card holders' personal data may have been accessed" instead of being proactive and saying "we've had a breach and your number may have been leaked" in, say, August.
[2]http://arstechnica.com/security/2013/12/hack-on-jpmorgan-...


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds