I like those odds



  • http://news.yahoo.com/s/ap/20080109/ap_on_hi_te/787_computer_security

    SEATTLE - Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.

    "The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

    You'd think the CTO would have passed high school math.



  • @Pap said:

    You'd think the CTO would have passed high school math.

    Schneier's probably forgotten more math than you'll ever learn. Might want to look up his bio sometime. Ever hear of "Practical Cryptography" or "Applied Cryptography"?

     



  • @Pap said:

    http://news.yahoo.com/s/ap/20080109/ap_on_hi_te/787_computer_security

    SEATTLE - Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.

    "The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

    You'd think the CTO would have passed high school math.

    Oops, he used the incorrect word. Wow, what a moron for accidentally saying 'odds' instead of 'chances'

    Nothing to see here, move along. 



  • I feel a mug coming on!



  • I don't understand where the difficulty to prove that internet access offered to passengers would not make it risky for flight control? Just provide a completely separated circuit for internet from the rest of plane. (separate line, separate emitter, separate power cabling). If there is no physical link nor radio compatibility with both part, you can't physically cross the bridge 😕 And if it were possible via radio, the internet access won't be at cause, anybody with a radio emitter in plane, even without inet access would be able to do it,



  • "The odds of this being perfect are zero," said Bruce Schneier

    Obvious. Nothing's perfect. 



  • Now taking bets on how long it'll take Hollywood to make this into a movie. Also taking bets on whether the final action scene will be the hero hacker typing away <font size="-1">fervorously while the plane is about to crash. And there will be 3D graphics on his screen.
    </font>



  • @Pap said:

    http://news.yahoo.com/s/ap/20080109/ap_on_hi_te/787_computer_security

    SEATTLE - Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.

    "The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

    You'd think the CTO would have passed high school math.

    I'd chide and rebuke you, but frankly, Schneier Facts will do it for me even better.

    Bruce Schneier knows Alice and Bob's secret.
    Compilers don't warn Bruce Schneier, Bruce Schneier warns compilers.
    Bruce Schneier's abs are NP-hard.

    In short, Schneier is even more of my homeboy than Knuth.




  • SEATTLE - Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.

    "The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

    OK, so it's possible Boeing can make their Internet connection secure, but it won't be perfect.  What's wrong with that?  Nothing is absolute -- he was using secure to mean "as secure as possible (and perhaps even slightly better), but by no means perfect or absolute, since nothing is."

     No math involved here.  The statements can both be true and do not contradict one another.

     

    Score:

    Bruce Schneier: 1

    Pap: 0

     



  • @shadowman said:


    SEATTLE - Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.

    "The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

    OK, so it's possible Boeing can make their Internet connection secure, but it won't be perfect.  What's wrong with that?  Nothing is absolute -- he was using secure to mean "as secure as possible (and perhaps even slightly better), but by no means perfect or absolute, since nothing is."

     No math involved here.  The statements can both be true and do not contradict one another.

     

    Score:

    Bruce Schneier: 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0

    Pap: NaN

     

    Fixed that for you.



  • @tchize said:

    I don't understand where the difficulty to prove that internet access offered to passengers would not make it risky for flight control? Just provide a completely separated circuit for internet from the rest of plane. (separate line, separate emitter, separate power cabling). If there is no physical link nor radio compatibility with both part, you can't physically cross the bridge 😕 And if it were possible via radio, the internet access won't be at cause, anybody with a radio emitter in plane, even without inet access would be able to do it,

    I'm sure Boeing went with a single physical LAN for one major reason: costs. If they had to run two sets of cat5 everywhere, it'd add quite a few pounds to the weight of the plane, and this plane's supposed to be uber-fuel efficient. Weight kills efficiency.

    Of course, they'd be pretty stupid if all the flight control systems were accessible from passenger ports. If nothing else, they should at LEAST stick flight systems into one VLAN, and passenger porn into another. If they can't be physically and electrically seperated, then this'd be the next best thing. Now they just have to make sure the routers are totally secured. Think they'll look into OEM backdoors in the firmware on those? Or will the router passwords be "boeing" or "787"?



  • @MarcB said:

    @tchize said:

    I don't understand where the difficulty to prove that internet access offered to passengers would not make it risky for flight control? Just provide a completely separated circuit for internet from the rest of plane. (separate line, separate emitter, separate power cabling). If there is no physical link nor radio compatibility with both part, you can't physically cross the bridge 😕 And if it were possible via radio, the internet access won't be at cause, anybody with a radio emitter in plane, even without inet access would be able to do it,

    I'm sure Boeing went with a single physical LAN for one major reason: costs. If they had to run two sets of cat5 everywhere, it'd add quite a few pounds to the weight of the plane, and this plane's supposed to be uber-fuel efficient. Weight kills efficiency.

    Of course, they'd be pretty stupid if all the flight control systems were accessible from passenger ports. If nothing else, they should at LEAST stick flight systems into one VLAN, and passenger porn into another. If they can't be physically and electrically seperated, then this'd be the next best thing. Now they just have to make sure the routers are totally secured. Think they'll look into OEM backdoors in the firmware on those? Or will the router passwords be "boeing" or "787"?

    I am sorry, but I highly doubt this. Feel free to share if you have evidence to back this up.

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.

     

     



  • @Volmarias said:


    Bruce Schneier knows Alice and Bob's secret.

     

    But does he know Victoria's secret?  I've spent hours in there and can't seem to figure it out myself.  But the sales girls are nice to look at.



  • The real WTF is that the OP has no idea who Schneier is.

    Seems like just about every engineer should...
     



  • @MasterPlanSoftware said:

    @MarcB said:

    @tchize said:

    I don't understand where the difficulty to prove that internet access offered to passengers would not make it risky for flight control? Just provide a completely separated circuit for internet from the rest of plane. (separate line, separate emitter, separate power cabling). If there is no physical link nor radio compatibility with both part, you can't physically cross the bridge 😕 And if it were possible via radio, the internet access won't be at cause, anybody with a radio emitter in plane, even without inet access would be able to do it,

    I'm sure Boeing went with a single physical LAN for one major reason: costs. If they had to run two sets of cat5 everywhere, it'd add quite a few pounds to the weight of the plane, and this plane's supposed to be uber-fuel efficient. Weight kills efficiency.

    Of course, they'd be pretty stupid if all the flight control systems were accessible from passenger ports. If nothing else, they should at LEAST stick flight systems into one VLAN, and passenger porn into another. If they can't be physically and electrically seperated, then this'd be the next best thing. Now they just have to make sure the routers are totally secured. Think they'll look into OEM backdoors in the firmware on those? Or will the router passwords be "boeing" or "787"?

    I am sorry, but I highly doubt this. Feel free to share if you have evidence to back this up.

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.
     

     

    Making them separate might even produce less cabling. Because if you kept the passengers separate, then the cabling could be centered in the cabin area. The switch could be located close to the cabin kind of like a star pattern if possible. This will help reduce the overall cable lengths. Then if you needed extra equipment that it is connected to, you can uplink to another box closer to the cockpit with only a wire or two. (you could have 1 switch per each side of the aisle, then have these two connected to the router).  I still would have a separate transciever to handle this traffic than the rest of the plane, it would be stupid to do it different. Merging critical data (plane) on the same channel with non-critical (passenger surfing the net) is plain stupid. As far as hacking through the radio.. there should be a limited amount of real plane actions that could be done from outside, unless you want the tower to be able to land the plane if the pilots were rendered incapable of flying.

     



  • @pitchingchris said:

    @MasterPlanSoftware said:
    @MarcB said:

    @tchize said:

    I don't understand where the difficulty to prove that internet access offered to passengers would not make it risky for flight control? Just provide a completely separated circuit for internet from the rest of plane. (separate line, separate emitter, separate power cabling). If there is no physical link nor radio compatibility with both part, you can't physically cross the bridge 😕 And if it were possible via radio, the internet access won't be at cause, anybody with a radio emitter in plane, even without inet access would be able to do it,

    I'm sure Boeing went with a single physical LAN for one major reason: costs. If they had to run two sets of cat5 everywhere, it'd add quite a few pounds to the weight of the plane, and this plane's supposed to be uber-fuel efficient. Weight kills efficiency.

    Of course, they'd be pretty stupid if all the flight control systems were accessible from passenger ports. If nothing else, they should at LEAST stick flight systems into one VLAN, and passenger porn into another. If they can't be physically and electrically seperated, then this'd be the next best thing. Now they just have to make sure the routers are totally secured. Think they'll look into OEM backdoors in the firmware on those? Or will the router passwords be "boeing" or "787"?

    I am sorry, but I highly doubt this. Feel free to share if you have evidence to back this up.

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.
     

     

    Making them separate might even produce less cabling. Because if you kept the passengers separate, then the cabling could be centered in the cabin area. The switch could be located close to the cabin kind of like a star pattern if possible. This will help reduce the overall cable lengths. Then if you needed extra equipment that it is connected to, you can uplink to another box closer to the cockpit with only a wire or two. (you could have 1 switch per each side of the aisle, then have these two connected to the router).  I still would have a separate transciever to handle this traffic than the rest of the plane, it would be stupid to do it different. Merging critical data (plane) on the same channel with non-critical (passenger surfing the net) is plain stupid. As far as hacking through the radio.. there should be a limited amount of real plane actions that could be done from outside, unless you want the tower to be able to land the plane if the pilots were rendered incapable of flying.

     

     

    I agree with this. The first thing I thought upon reading the article is, "well, DUH, all of the avionics and communications equipment used by the flight control will obviously be controlled from the avionics bay, and internet traffic will obviously be carried on a separate radio frequency."

     

    Perhaps they phrased this incorrectly. It could be that what the FAA really meant was, "Prove that IEEE 802.11 and Bluetooth devices will not interfere with avionics or flight communications systems."



  • @PerdidoPunk said:

    @pitchingchris said:
    @MasterPlanSoftware said:
    @MarcB said:

    @tchize said:

    I don't understand where the difficulty to prove that internet access offered to passengers would not make it risky for flight control? Just provide a completely separated circuit for internet from the rest of plane. (separate line, separate emitter, separate power cabling). If there is no physical link nor radio compatibility with both part, you can't physically cross the bridge 😕 And if it were possible via radio, the internet access won't be at cause, anybody with a radio emitter in plane, even without inet access would be able to do it,

    I'm sure Boeing went with a single physical LAN for one major reason: costs. If they had to run two sets of cat5 everywhere, it'd add quite a few pounds to the weight of the plane, and this plane's supposed to be uber-fuel efficient. Weight kills efficiency.

    Of course, they'd be pretty stupid if all the flight control systems were accessible from passenger ports. If nothing else, they should at LEAST stick flight systems into one VLAN, and passenger porn into another. If they can't be physically and electrically seperated, then this'd be the next best thing. Now they just have to make sure the routers are totally secured. Think they'll look into OEM backdoors in the firmware on those? Or will the router passwords be "boeing" or "787"?

    I am sorry, but I highly doubt this. Feel free to share if you have evidence to back this up.

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.
     

     

    Making them separate might even produce less cabling. Because if you kept the passengers separate, then the cabling could be centered in the cabin area. The switch could be located close to the cabin kind of like a star pattern if possible. This will help reduce the overall cable lengths. Then if you needed extra equipment that it is connected to, you can uplink to another box closer to the cockpit with only a wire or two. (you could have 1 switch per each side of the aisle, then have these two connected to the router).  I still would have a separate transciever to handle this traffic than the rest of the plane, it would be stupid to do it different. Merging critical data (plane) on the same channel with non-critical (passenger surfing the net) is plain stupid. As far as hacking through the radio.. there should be a limited amount of real plane actions that could be done from outside, unless you want the tower to be able to land the plane if the pilots were rendered incapable of flying.

     

     

    I agree with this. The first thing I thought upon reading the article is, "well, DUH, all of the avionics and communications equipment used by the flight control will obviously be controlled from the avionics bay, and internet traffic will obviously be carried on a separate radio frequency."

     

    Perhaps they phrased this incorrectly. It could be that what the FAA really meant was, "Prove that IEEE 802.11 and Bluetooth devices will not interfere with avionics or flight communications systems."

    It is no surprise that even if the networks have ZERO chance of interfering, that the governing body would still want the manufacturer to prove this, and undergo rigorous testing. This is just more stuff to make people nervous about getting on airplanes. Nothing to see here, keep moving.



  • @PerdidoPunk said:

    Perhaps they phrased this incorrectly. It could be that what the FAA really meant was, "Prove that IEEE 802.11 and Bluetooth devices will not interfere with avionics or flight communications systems."

     I totally agree with you on this. If you ever watched the show Mythbusters, they did do an episode on cell phone interference in planes. And although they have found that digital phones don't interfere at all with the planes signal, they still try to keep it a rule not to use radio devices just to be safe. So you're right, maybe they are trying to get them to prove if it is possible for wireless devices to introduce any interference with the other system. Even if this interference is too small to do any damage in any given sample, maybe we can't outrule it. Think of a serial port operating at the wrong baud rate. It is still theoretically feasible to recieve some legible characters by accident.



  • @MasterPlanSoftware said:

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.

    Back in the 1980s, Boeing had a standing offer of $100 to any employee who could figure out how to reduce the weight of one of their airplanes by a pound. I'm sure they've increased the bonus by now.



  • @Carnildo said:

    @MasterPlanSoftware said:

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.

    Back in the 1980s, Boeing had a standing offer of $100 to any employee who could figure out how to reduce the weight of one of their airplanes by a pound. I'm sure they've increased the bonus by now.

    I am sorry, I seem to be missing your point...



  • @Carnildo said:

    @MasterPlanSoftware said:

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.

    Back in the 1980s, Boeing had a standing offer of $100 to any employee who could figure out how to reduce the weight of one of their airplanes by a pound. I'm sure they've increased the bonus by now.

    I don't see how much difference one pound will make when the weight of passengers will fluctuate much more than that. You could have skinny people seated on one side and heavy on the other, and now the pilots might have to adjust the trim for it.



  • @pitchingchris said:

    @Carnildo said:
    @MasterPlanSoftware said:

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.

    Back in the 1980s, Boeing had a standing offer of $100 to any employee who could figure out how to reduce the weight of one of their airplanes by a pound. I'm sure they've increased the bonus by now.

    I don't see how much difference one pound will make when the weight of passengers will fluctuate much more than that. You could have skinny people seated on one side and heavy on the other, and now the pilots might have to adjust the trim for it.

    I am sure they did try and reduce weight in any way possible, but it seems Carnildo is implying:

    1) That combining the two networks would save weight.

    2) The risk in combining the networks would somehow outweigh the risk in a few more pounds IF it did actually weigh more to isolate.

     

    I would like to see either of those points backed up.



  • Completely off topic

    My client is one of the major jet engine manufacturers for military and commercial jets.  One of their systems actually accepts diagnostic data (black box kind of data) in flight to their systems on the ground.  Then the system can monitor that and throw a flag if things are trending a certain way.  The data comes in in many ways, like uploading the black box data after the flight, etc., but I always thought it was neat that they could accept the data in flight. 



  • @pitchingchris said:

    I don't see how much difference one pound will make when the weight of passengers will fluctuate much more than that. You could have skinny people seated on one side and heavy on the other, and now the pilots might have to adjust the trim for it.

    Just sitting on the ground, yeah, 1 pound less is nothing. But remember that fuel is THE major expense for airlines these days. 1 pound per mile over a lifetime of a million miles is a LOT of fuel saved. Passenger weights do fluctuate, but that one pound is a constant 1 pound less.



  • @MasterPlanSoftware said:

    @pitchingchris said:
    @Carnildo said:
    @MasterPlanSoftware said:

    Trusting any software or hardware to isolate this would be stupid, when you can just create two physically isolated networks.

    I cant even see how this would really require much (if any) separate cabling.

    Back in the 1980s, Boeing had a standing offer of $100 to any employee who could figure out how to reduce the weight of one of their airplanes by a pound. I'm sure they've increased the bonus by now.

    I don't see how much difference one pound will make when the weight of passengers will fluctuate much more than that. You could have skinny people seated on one side and heavy on the other, and now the pilots might have to adjust the trim for it.

    I am sure they did try and reduce weight in any way possible, but it seems Carnildo is implying:

    1) That combining the two networks would save weight.

    2) The risk in combining the networks would somehow outweigh the risk in a few more pounds IF it did actually weigh more to isolate.

     

    I would like to see either of those points backed up.

    Yeah that is pretty nifty. Hopefully helps make planes a little safer over time.



  • @MarcB said:

    @pitchingchris said:

    I don't see how much difference one pound will make when the weight of passengers will fluctuate much more than that. You could have skinny people seated on one side and heavy on the other, and now the pilots might have to adjust the trim for it.

    Just sitting on the ground, yeah, 1 pound less is nothing. But remember that fuel is *THE* major expense for airlines these days. 1 pound per mile over a lifetime of a million miles is a LOT of fuel saved. Passenger weights do fluctuate, but that one pound is a constant 1 pound less.

    I agree with you about the constant pound. I'm not so sure about the fuel thing though, because you're losing fuel over time in a close to linear fashion For the length of the trip. So the plane gets lighter as it goes.  Don't run out 🙂



  • @Pap said:

    said Bruce Schneier,

    The unexpected WTF is how quick people are to defend the statement, just because the right "celebrity" said it.

    (Yes, I am well aware of how much more Schneier knows about security than I.)



  • @magetoo said:

    @Pap said:

    said Bruce Schneier,

    The unexpected WTF is how quick people are to defend the statement, just because the right "celebrity" said it.

    (Yes, I am well aware of how much more Schneier knows about security than I.)

    Or at least everyone is willing to give him a "Get off the hook card". There wasn't much of a WTF anyway....

    The true value of this thread were the links to the 'Schneier facts'.



  • Yeah, this WTF really wasn't, I'm not disputing that. Just surprised to see the reaction.



  • @magetoo said:

    Yeah, this WTF really wasn't, I'm not disputing that. Just surprised to see the reaction.

    In light of threads like SpectateSwamp's how could ANYTHING surprise you anymore?



  • @MasterPlanSoftware said:

    @magetoo said:
    @Pap said:

    said Bruce Schneier,

    The unexpected WTF is how quick people are to defend the statement, just because the right "celebrity" said it.

    (Yes, I am well aware of how much more Schneier knows about security than I.)

    Or at least everyone is willing to give him a "Get off the hook card". There wasn't much of a WTF anyway....

    The true value of this thread were the links to the 'Schneier facts'.

    Bruce Schneier doesn't use an IDE, or even an editor. He uses punch cards and an AK47



  • I've used 802.11g between two laptops for 8 hours watching movies on a British Airways flight once. VLC streaming, I played it on one and unicasted it to the other one - we were in first class so the seats were opposite facing each other in that weird S kinda setup. I honestly have a hard time believing that the FAA would think 802.11 would interfere with any avionics equipment, people actually do use it pretty regularly, same with bluetooth, etc. I see it all the time while flying.



  • @Pap said:

    "The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

    You'd think the CTO would have passed high school math.


    Sure nothing's wrong with yours? For a continuous distribution the probability of a specific outcome is zero. http://en.wikipedia.org/wiki/Probability_distribution But it doesn't follow that the outcome is impossible. See also http://en.wikipedia.org/wiki/Almost_surely (look for numbers one and zero associated with adverbs which will almost surely surprise you).

    If it's impossible, then the probability sure is zero. The reverse is not true.



  • @ulzha said:

    @Pap said:

    "The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

    You'd think the CTO would have passed high school math.


    Sure nothing's wrong with yours? For a continuous distribution the probability of a specific outcome is zero. http://en.wikipedia.org/wiki/Probability_distribution But it doesn't follow that the outcome is impossible. See also http://en.wikipedia.org/wiki/Almost_surely (look for numbers one and zero associated with adverbs which will almost surely surprise you).

    If it's impossible, then the probability sure is zero. The reverse is not true.
    Th<font color="#000000">e </font><font color="#000000">probability may be zero, but the </font><font color="#000000">odds aren't. Read the OP again.</font>



  • @PJH said:


    Th<FONT color="#000000">e </FONT><FONT color="#000000">probability may be zero, but the </FONT><FONT color="#000000">odds aren't. Read the OP again.</FONT>

    You mean exactly what?
    @Pap said:

    "The odds of this being perfect are zero," said Bruce Schneier,





  • I am not commenting on linguistics (if you meant to argue odds be non-zero because that's how it is in the gambling definition); I'm worried about the OPers apparently intended WTF which spans multiple phrases highlighted in bold and relates to math.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.