stonewolf (234392) writes "As the owner of a 2006 Pontiac Vibe (i.e. a Toyota Corolla that I can sit in without hitting my head on the ceiling) who has personally experience uncontrolled acceleration caused by the floor mats fouling the gas pedal I have a personal interest in the safety of these cars. (To be fair, I bought the car used so I do not know if the floor mats are original equipment or not and the 2006 Vibe has not be recalled for anything.)
The geek in me makes me ask the obvious questions about what kind of computers they use and what their development methodology is. I had always assumed (and you know what that means) that drive-by-wire systems would be subject to the same kinds of regulations that apply to aircraft fly-by-wire systems. But, it seems they are not. I have spent time searching for any info, including reading through a number of Toyota's patent filings and I can not find any info that I can use to evaluate the safety of their systems. I started to get really worried when I found a report that said there is only one laptop in the US that can read the "black box" built into Toyota cars. When a company goes to that kind of effort to hide information it is a sign that they *need* to hide the information.
Can anyone tell me anything about the computer systems in these cars? Are they using redundant, i.e. tell me three times, computer systems? If they are redundant, do they use the same processor for all the CPUs? Do they run the same software on all the CPUs? (If you don't understand why I'm asking this go look up "common mode failure". What is their fail over system. What is their software development methodology? What is there verification process. How do they certify their developers? What outside group audits there code and their process? What do they do to ensure against power failure? What kind of EM shielding do they have? What kind of interference ingress filtering do the have on the lines going into and out of the (hopefully) EM shielded computer system?
If I were asking about a 747 I could look all this up. Why is it not a matter of public record for a car? If a 747 crashes a few hundred people are killed. Toyota software affects the safety of millions of people. So far over 10 million cars have been recalled.
So far the popular press has nearly ignored the software part of the problem. I watch CNN way to much... I have seen several interviews with mechanical engineers, include a Ph.D level engineer. I have not seen an interview with a single software developer. Help me find this information for all the people who drive Toyotas every day.
Oh well, even if you can't help me find this info, maybe this posting will be seen by a lawyer who will be able to subpoena the information and make it public in the court record. We can only hope.
You know... your life may depend on this information." top
stonewolf (234392) writes "I have discovered that Bank of America is covering up a data breach and I would like to know who had the breach and how severe it is. I can not find the information on the net and representatives of BofA have refused to answer my questions. They have also refused to forward my requests to someone who can answer. On top of that they have flat out lied to me. Is Slashdot willing to help break this story? What follows is how I found out about the breach.
Yesterday I tried to pay my Bank of America credit card bill online. After I logged in I noticed that the account number was not correct, but the charges were. I tried to get to the bill pay page and was asked to reenter my bank account numbers. The site refused to let me go on until I entered at least one bank account number. When I tried to go back it was sent to the security settings page where I was strongly encouraged to change my password.... I suspected either a man in the middle attack or a greater than usual level of incompetence on the part of BofA. So I called them up.
The automated system asks for you account number. I gave it and it read it back to me perfectly. It then said that my account was not recognized and made my read it again. It again read it back perfectly and then let me into the menu system. The menu system eventually let me talk to a human being.
The first person I talked to told me that the account number had changed because I had reported the card lost or stolen. But, I had not done that. I still have the card. She told me that it must have been the number of the original card from when it was stolen more than 10 years ago. But, the account number had been correct since way back then. She told me it was because I was using an old bookmark. I knew better but I tried typing the URL and logging in again. I got the same result. I demanded to talk to second line support. She gave me a phone number, just in case I got cut off, and put me on hold. After 10 minutes I realized I was on permahold so I hung up and called the number she had given me. It was not a valid number.
I called back several hours later. (When I am that pissed off I have found it better to call back later:-)
The second time I called in I got a really nice person. She looked at my account and told me that my card had been reported lost or stolen sometime since the start of the year. Then she established that I had not reported it. She asked my if I had used the card since the start of the year. I had used it just a few days ago and so had my wife. She told me that I should not be able to use that card and then she said this is to weird. There is some weird stuff here. Then she sent me to second line support. I got another very nice and helpful person. He told me that the card had been reported lost or stolen in early January 2010 and that I should not be able to use the card and that a new card had been sent to me in January. I freaked. Where was that card sent? Had it been activated? WTF!!! He asked me to wait while he looked it up. Then he told me he was sending me up to another level of support. He said this is very weird. I've never seen this before.
The third fellow started off with a standard script. I cut him off and told him what I already knew and demanded an explanation. He sounded surprised and upset that I had already learned so much. He admitted that my card had been reported lost or stolen by a major 3rd party vendor. Who? He refused to answer. When? He said February 2, 2010. I pointed out that two other people at BofA said it was in January. He insisted that it was 2/2/2010. Someone is lying. I asked why I wasn't notified. He said that I had been, or would be, notified by mail. I asked why my card was still active. He said they did not want to inconvenience me. Two other people told me that they were required to block a lost or stolen card. I asked what they were doing to prevent someone else from using my card. He said they were watching my account closely. I asked how they could tell my charges from someone else's charges. He refused to answer. I asked why I was not called. He refused to answer. I pressed for an answer and was told that BofA had no way to call me. I called bullshit and pointed out that the one time I was a late with a payment I got an automated telephone call. He said he could not answer the question. I asked why I was not sent an email. He said they could not send me email. I opened my email and read and email from BofA to me about my account. I asked why I the web site allowed me to login. He refused to answer. I asked why the web site did not notify me of the problem. He refused to answer. I asked to speak to someone else in the company. He refused. I demanded to speak to someone higher up. He refused. I asked him how I was going to pay my bill, yes I was getting way past sarcastic. He suggested I write a check or go to a local BofA branch office. Finally a reasonable answer.
BofA is covering up a data breach by a (according to them) major 3rd party vendor. It looks like the breach occurred in early January. BofA appears to have been aware of the breach since then. As far as I can tell they are doing nothing to protect their customers accounts and are using the slowest possible means to notify us of the breach. Because I have not received any sort of notification I can not confirm that they are actually notifying people. They are clearly more interested in protecting the source of the breach than in protecting their own customers.
I have to compare this when something similar happened to my accounts with Wells Fargo. When they had a data breach that affected me they went public with the information. I heard about it on Slashdot before they called me. I had a written notice withing a day of the phone call. I called and asked for details and wound up talking to someone I could verify was a VP in their IT group who personally apologized and told how the breach occurred and what they were doing to prevent it from happening again. They also offered me compensation, nothing big, just some free services, but it was compensation. From BofA all I get are lies.
Does anyone have any information? How big is this? Who was cracked? The list of possible third parties includes Fry's, Newegg, Dreamhost, and Marriot Hotels, along with a number of local bars, restaurants, and sandwich shops that hardly rate as "major".
When a financial institution that is to big to fail is lying to you, what can you do? Ask Slashdot readers for help.
stonewolf (234392) writes "In response to a story about Verizon I just posted the URLs, and where reasonable, the phone numbers of the FCC, the White house, the US Senate, and the US House of representatives. If I had the info at hand I would have added the the contact information for the public utility commissions (or their equivalents) of each state.
The lack of political participation by geeks in their governments is a real problem. (Ok, maybe only in my mind.... I'm sure the pols don't mind at all.) When we do decide to take action it is often misdirected and/or misguided. DDoSing city hall is *never* a good idea.
So, why not put a tab on the site that gives contact information for agencies like those I listed above? I'm sure this is something that people would use. And, I'll bet you could get people to provide this information for you. You would not have to dig it out your selves. In fact, it would be pretty cool to just add a special "reply" button that is just to provide URLs of appropriate contact information. (The URLs would have to be moderated.) Doing something like that would empower Slashdot readers all over the world to take reasonable and appropriate actions in response to articles that affect their lives.
In the case of the Verizon article, a single call to a Senator or the White House could have much more effect than a thousand calls to Verizon.
It doesn't take much thinking to see why you might *not* want to do what I am suggesting. But, seriously, think about it. You would be doing even more good than you currently are. If nothing else you would be helping to educate geeks on how to actually effect change in ways that are acceptable to the rest of the population.
stonewolf writes "I'm a teacher with an odd schedule... I'm an open source software developer...
Anyone know of some way to get a Linux development environment that I can run on windows from a flash drive? I'm currently running Ubuntu in a virtual machine and that is just too slow... Even a faster VM would be nice.
I have a couple/three hours a day that I could use to develop software if I had a usable portable development environment. At work I live in highly locked down world. I have some admin rights on my machine. But, it is cleaned and reset every night. No changes survive from one day to the next.
What I really want is a Linux development environment that works like the tools from PortablesApps.com anyone know of anything like that?" top
stonewolf writes "Sorry to submit this comment this way, but I couldn't find any other way to do it. You see, I can't read the site through the pop up flash ads that are right in the middle of the articles. I wouldn't mind them so much if there was a way to close them, but there isn't. Send me an email when you regain your senses and I will read your site again. Until then, so long. There is just so much I am willing to put up with in the way of visual polution and time wasting from a web site. Even one where I spend as much time as/.
seriously, I love the site. I used to visit it every day. And I will be back just as soon as I hear that you have done away with those ads.