Autonomous Vehicles NOT Ready for Prime-Time

Non-Suzuki related topics. Anything can go here.
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

redmed wrote: Since then I have driven that CRV on side roads that do not have painted white lines on the shoulder side of the road and the CRV ends up swerving unto the gravel shoulder. This dampened my enthusiasm and expectations of current safety systems. From this experience and what I have read about the Tesla, Cadillac and Volvo systems. Autonomous vehicles may be close but not quite ready to fully trust without an alert human co-driver.
As I've stated repeatedly, automation, today, requires repeatable and predictable environments to operate within. As you experienced by drifting off the road, U.S. roads are not, and never will be. They're making a big deal on the news this week around here about their half-azzed pot-hole repair efforts. You want something as simple as lines? Ha! There's not enough money in the universe to create a track (that all-important repeatable and predictable environment) for autonomous vehicles to operate within in a single state let alone the entire country. I challenge all to think about, really think about, the countless decisions you make to navigate the roadway alone in a single drive to work. You are processing untold amounts of information via your sensors, making decisions and executing tasks based upon criteria you're not even completely aware of that you are in fact processing regarding the roadway alone. Forget about all the other vehicles around you, forget about traffic signals and signs, just concentrate on the roadway itself (which we are taught in driver's ed NOT to do). Mind boggling.

Yes, fully autonomous will happen some day... long after I'm dead it may be ready for prime-time. Aviation has a simpler operating environment yet there are still serious problems (ones the general public will never hear about). My problem, today, are the arrogant, greedy, self-serving individuals and 'companies' utilizing public roads as their politically sponsored test track to conduct experiments when it is quite obvious to the most casual observer the tech that is required for complete and true autonomous operation is no where near ready (at least at the costs said players are willing to invest for said tech). All of the expensive piece-meal systems being incorporated into vehicles, today, the systems mentioned in that CRV, do nothing at this time in history but to create the exact opposite of a capable and alert 'co'-driver. Human nature folks...people get lazier and less capable when they don't 'do'. Train the brain, learn by doing, practice makes perfect, etc., etc. Someone believes, or assumes, the tech is driving or operating or performing whatever function, only to find out the reality that it's really not or can not. Alas...the next problem, who's to blame for the outcome? I counter that more "accidents" will occur that should never have happened. Test track wrecks exactly like the one in the vid posted early on in this thread of a Tesla following the yellow line straight into a concrete jersey barrier at highway speeds, or, the latest Uber fatality. The web's loaded with them. In both those videos, there was zero reaction by the automation or the human until after the mishaps occurred. The tech wasn't capable and neither was the human because the human mistakenly believed the tech was infallible.
Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

Ronzuki wrote:
redmed wrote: Since then I have driven that CRV on side roads that do not have painted white lines on the shoulder side of the road and the CRV ends up swerving unto the gravel shoulder. This dampened my enthusiasm and expectations of current safety systems. From this experience and what I have read about the Tesla, Cadillac and Volvo systems. Autonomous vehicles may be close but not quite ready to fully trust without an alert human co-driver.
As I've stated repeatedly, automation, today, requires repeatable and predictable environments to operate within. As you experienced by drifting off the road, U.S. roads are not, and never will be. Therfore, autonomous vehicles, today, are no where near close to ready. They're making a big deal on the news this week around here about PennDOT's half-azzed pot-hole repair efforts. You want something as simple as lines for a sensor to follow? Ha! There's not enough money in the universe to create a track (that all-important repeatable and predictable environment) for autonomous vehicles to operate within in a single state let alone the entire country.

I challenge all to think about, really think about, the countless decisions you make to navigate the roadway alone in a single drive to work. You are processing untold amounts of information via your senses (that is if...you're not starring at your crotch), making decisions and executing tasks based upon criteria you're not even completely aware of that you are in fact processing regarding the roadway alone. Forget about all the other vehicles around you, forget about traffic signals and signs, just concentrate on the roadway itself (which we are taught in driver's ed NOT to do). Mind boggling.

Yes, fully autonomous will happen... some day... long after I'm dead it may be ready for prime-time. Aviation has a simpler operating environment yet there are still serious problems (ones the general public will never, ever hear about). My problem, today, are the arrogant, greedy, self-serving individuals and 'companies' utilizing public roads as their politically sponsored test track to conduct experiments when it is quite obvious to the most casual observer the tech that is required for complete and true autonomous operation is no where near ready (at least at the costs said players are willing to invest for said tech). All of the expensive piece-meal systems being incorporated into vehicles, today, the systems mentioned in that CRV, do nothing at this time in history but to create the exact opposite of a capable and alert 'co'-driver. Human nature folks...people get lazier and less capable when they don't 'do'. Train the brain, learn by doing, practice makes perfect, etc., etc. Someone believes, or assumes, the tech is driving or operating or performing whatever function, only to find out the reality that it's really not or can not. Alas...the next problem, who's to blame for the outcome? I counter that more "accidents" will occur that should never have happened. Test track wrecks exactly like the one in the vid posted early on in this thread of a Tesla following the yellow line straight into a concrete jersey barrier at highway speeds, or, the latest Uber fatality. The web's loaded with them. In both those videos, there was zero reaction by the automation or the human until after the mishaps occurred. The tech wasn't capable and neither was the human because the human mistakenly believed the tech was infallible.
Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

Automation Security (lack thereof)....I get these little reminders daily of how poorly everything is coded and tested. They're not vendor immune, and, I only have the products selected that we actually utilize on a regular basis....can you just imagine being barraged with this BS for your car? As an owner of an autonomous anything you won't, of course...all would avoid airing the dirty laundry. They'll just keep pushing updates down to the vehicle unbeknownst to the owner/operators...much like the 2018 Heep owners are currently having the pleasure of experiencing. Make no mistake, there's absolutely no difference between retail, commercial or industrial when it comes to security (lack thereof) and hackers. If it's a computer based device, of any kind, and is 'connected', these are the harsh realities. Be afraid, have an excellent lawyer at the ready, and, possess a very, very large check-book balance.

Dear Ron,
Rockwell Automation is releasing this notice titled "FactoryTalk Activation Manager Vulnerabilities". You are receiving this notification based on your Rockwell Automation Knowledgebase account and selected profiles of interest that you have established. Rockwell Automation is sending this notification based on the following profiles from Knowledgebase that include:
Category - "General" and/or "Product Security"
Please click on this link to review Knowledgebase Article ID 1073133 - https://rockwellautomation.custhelp.com ... id/1073133.
AFFECTED PRODUCTS
FactoryTalk Activation Manager v4.00.02 and v4.01
• Includes Wibu-Systems CodeMeter v6.50b and earlier
FactoryTalk Activation Manager v4.00.02 and earlier
• Includes FlexNet Publisher v11.11.1.1 and earlier
The following products require FactoryTalk Activation Manager to store and keep track of Rockwell Automation software products and activation files. Customers who recognize products from the following list are using FactoryTalk Activation Manager.
• Arena®
• Emonitor®
• FactoryTalk® AssetCentre
• FactoryTalk® Batch
• FactoryTalk® EnergyMetrix™
• FactoryTalk® eProcedure®
• FactoryTalk® Gateway
• FactoryTalk® Historian Site Edition (SE)
• FactoryTalk® Historian Classic
• FactoryTalk® Information Server
• FactoryTalk® Metrics
• FactoryTalk® Transaction Manager
• FactoryTalk® VantagePoint®
• FactoryTalk® View Machine Edition (ME)
• FactoryTalk® View Site Edition (SE)
• FactoryTalk® ViewPoint
• RSFieldBus™
• RSLinx® Classic
• RSLogix 500®
• RSLogix 5000®
• RSLogix™ 5
• RSLogix™ Emulate 5000
• RSNetWorx™
• RSView®32
• SoftLogix™ 5800
• Studio 5000 Architect®
• Studio 5000 Logix Designer®
• Studio 5000 View Designer®
• Studio 5000® Logix Emulate™
VULNERABILITY DETAILS
Vulnerability #1: CodeMeter Cross-Site Scripting
A Cross-Site Scripting ("XSS") vulnerability was found in certain versions of Wibu-Systems CodeMeter that may allow local attackers to inject arbitrary web script or HTML via a specific field in a configuration file, potentially allowing the attacker to access sensitive information, or even rewrite the content of the HTML page.
CVE-2017-13754 has been assigned to this vulnerability. Rockwell Automation evaluated the vulnerability using the Common Vulnerability Scoring System ("CVSS") v3.0. A CVSS v3 base score of 2.7/10 has been assigned. For a better understanding of how this score was generated, please follow this link: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N0/I:L/A:N
Vulnerability #2: FlexNet Publisher Remote Code Execution
A custom string copying function of Imgrd.exe (the license server manager in FlexNet Publisher) and flexsvr.exe does not use proper bounds checking on incoming data, potentially allowing a remote, unauthenticated user to send crafted messages with the intent of causing a buffer overflow.
CVE-2015-8277 has been assigned to this vulnerability. Rockwell Automation evaluated the vulnerability using the Common Vulnerability Scoring System ("CVSS") v3.0. A CVSS v3 base score of 9.8/10 has been assigned. For a better understanding of how this score was generated, please follow this link: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
RISK MITIGATIONS and RECOMMENDED USER ACTIONS
Customers with affected versions of CodeMeter and/or FlexNet Publisher that were installed with FactoryTalk Activation Manager are encouraged to review the table provided in Knowledgebase Article ID 1073133 for suggested actions that will address the risks associated with these vulnerabilities.
GENERAL SECURITY GUIDELINES
1. Ensure that the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum amount of rights as needed.
2. Run all software as User, not as an Administrator, to minimize the impact of malicious code on the infected system.
3. Use of Microsoft AppLocker or other similar Whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at https://rockwellautomation.custhelp.com ... _id/546989.
4. Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by blocking or restricting access to TCP and UDP Port# 2222 and Port# 44818 using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article ID 898270.
5. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
6. Locate control system networks and devices behind firewalls and isolate them from the business network.
7. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. VPN is only as secure as the connected devices.
For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.

Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
Refer to the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at: 54102 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.
If you have questions regarding this notice, please send an email to our product security inbox at: [email protected].
ADDITIONAL LINKS
• 54102 - Industrial Security Advisory Index
• Wibu Systems AG CodeMeter 6.50b - Persistent XSS Vulnerability (From SecurityFocus)
• Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability (From the Vulnerability Notes Database)
RockwellAutomation
LISTEN. THINK. SOLVE.
1201 South Second Street
Milwaukee,WI 53204
[email protected]
If you would rather not receive notifications from the Knowledgebase, you can update your Knowledgebase profiles accordingly.
Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
User avatar
KuroNekko
Posts: 5170
Joined: Wed Aug 15, 2012 5:08 pm
Location: California, USA

Ronzuki wrote:The polar-opposite of autonomous...in function and cost of ownership....

https://www.ericpetersautos.com/2018/03 ... ant-drive/
I'd pass on the Mahindra, but this, I'd actually want:
https://jalopnik.com/the-toyota-land-cr ... 1825172161
2011 Suzuki Kizashi Sport GTS 6MT (Black)
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

Interesting...maybe the tides are beginning to change. For my purpose of a rot-free Samurai replacement, and the beating it would receive, I'd pass on the LC. Still has too many airbags, Bluetooth and other un-appealing attributes, including what appears to be IFS and likely a ridiculous price tag. Down from what, $80k to maybe half that at best? Valent attempt, but I'll pass. The Roxor is still light enough, stock, to be flat-towed by the Heep. Solid axled and leaf sprung, easily modifiable to bang around on the boulders.
Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

More shocking revalations...who gives over that kind of money before demonstrated proof of existence or proof of functionality?

https://arstechnica.com/cars/2018/04/wh ... for-tesla/
Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
User avatar
Woodie
Posts: 1167
Joined: Sun Apr 28, 2013 10:09 am
Location: Laurel, MD

The most obvious thing missing from Tesla's cars, from an autonomy perspective, is lidar. The companies that have made the most progress toward fully self-driving cars—including Waymo, Uber, and GM's Cruise—all have lidar on their cars.

Defying the industry consensus, Tesla CEO Elon Musk has repeatedly insisted that lidar is merely a "crutch" and that it's possible to build fully autonomous vehicles using only cameras and radar.
It's a crutch with a hinge in the middle of it. Just ask Uber.
Alcohol, Tobacco, and Firearms
Should be a convenience store, not a government agency
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

Yeah, I laughed at that particular statement as well.

Like I said...they're ALL extremely arrogant to think this garbage is anywhere remotely ready to be unleashed upon public roadways in America. That's "the most obvious thing" they're ALL missing....
Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
User avatar
Ronzuki
Posts: 2382
Joined: Wed Nov 17, 2010 5:33 pm
Location: Lancaster County, PA

Ole' Elon still pushing product out the door that's not fully tested, and the blame game continues...

http://www.foxnews.com/auto/2018/05/25/ ... truck.html
Ron

2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded :D :D )
1991 Samurai, 5-Speed, EFI, Soft-Top ( :| sold)
Post Reply