Couldn't find a '70s trucker song for this story
March 23, 2024 5:39 AM   Subscribe

We attempted and succeeded in, as far as we know, the first ever wireless drive-by attack on a truck. In the paper Commercial Vehicle Electronic Logging Device Security: Unmasking the Risk of Truck-to-Truck Cyber Worms [PDF], researchers from Colorado State take over a transport truck and outline the risk of self-spreading fleet-wide infections. An article in Fleet Maintenance Magazine puts this risk in broader perspective.
posted by clawsoon (39 comments total) 21 users marked this as a favorite
 
Now this is the cyberpunk future I was promised
posted by Slackermagee at 6:05 AM on March 23 [25 favorites]


Eastbound and Down is the song you were looking for.
posted by Big Al 8000 at 7:13 AM on March 23 [9 favorites]


Huh, so it turns out reserving profits for the owners by squeezing drivers, constantly monitoring them, and generally trying to automate them out of existence makes the nation’s infrastructure worse and more vulnerable? It’s almost like automating for profits is a bad idea….
posted by GenjiandProust at 7:16 AM on March 23 [17 favorites]


Someone call Elon
posted by gottabefunky at 7:18 AM on March 23


Neat.
posted by The Manwich Horror at 7:31 AM on March 23 [1 favorite]


Hello, I'm A Truck
posted by spitbull at 7:50 AM on March 23 [2 favorites]


Allowing two-way wireless access to the vehicle's CAN Bus network, the thing that operates all the motor/engine and brake and other systems/sensors, seems like a really bad idea. From what little I know of the CAN Bus system, it has no? few? security features. Which car thieves exploit too.
posted by bonehead at 8:39 AM on March 23 [3 favorites]


Is this something I'd need to own a truck for to understand?
posted by rikschell at 9:12 AM on March 23 [3 favorites]


The capitalists seem really keen on giving all of Rome one neck. The pandemic showed how vulnerable the just in time supply chain was to even brief disruption. The potential here is really staggering.

Demonstration of a Novel Truck-to-Truck Worm

My muscles involuntarily flex.
posted by The Manwich Horror at 9:13 AM on March 23 [8 favorites]


Truckin', got their chips hacked in
Con-trollin' like a cyber man
Security, more or less ain't none
Just keep hijackin' on-nn-nn
posted by Greg_Ace at 10:02 AM on March 23 [8 favorites]


Car Wars! Neato Steven Jackson vibes.

Thanks for posting. :-)
posted by Don.Kinsayder at 10:06 AM on March 23 [4 favorites]




Came for the Red Simpson reference; was not disappointed!
posted by niicholas at 12:12 PM on March 23 [1 favorite]


Electronic logs sound like a good idea, but the way they were implemented means that the actual independent owner-operators got squeezed by having to pay for the equipment and a subscription from J.J. Keller. In terms of improving safety, I don't know. It at least makes the driver aware they've gone over time, but the driver can also go "off duty" and use the truck as a "personal conveyance" and that's within the rules. I'm sure it gets abused every day.

Now, on top of all of that, some chucklehead could disable the truck for the lulz?
posted by ob1quixote at 12:52 PM on March 23


How, in this day and age, is it possible for anyone to be dumb enough to come up with a new computer-based device and not start from the premise that it will be attacked from day one via whatever interfaces it has? I absolutely despise all of the tech in our lives that is nothing but vectors for malicious bullshit because the neckbeard who came up with the idea was incapable of seeing how it could ever be put to a bad use.

Yes it's expensive to do so. But that is just a cost, like the plastic in the case and the code that makes the light glow on the front.
posted by maxwelton at 12:53 PM on March 23 [5 favorites]


Now, on top of all of that, some chucklehead could disable the truck for the lulz?

Or the mob disable it for the cargo?
posted by clawsoon at 1:43 PM on March 23


Huh, so it turns out reserving profits for the owners by squeezing drivers, constantly monitoring them, and generally trying to automate them out of existence makes the nation’s infrastructure worse and more vulnerable? It’s almost like automating for profits is a bad idea….


On the contrary, automating, even for profits alone, is a pretty good idea. The question is how to get it done. Looks like it still needs some work.
posted by 2N2222 at 1:59 PM on March 23


This stuff reminds me: I've sometimes wondered if you could, maybe just for fun, maybe to take over the world, set up a sort of weird little off-the-grid system to send best-effort data from device to device using only stuff like Bluetooth exchanges between devices, without going through phone companies and cell phone towers. Pretend none of that stuff works, or you can't risk sending your messages through them. You're walking one way, they're unicycling the other way, your Bluetooth devices exchange a few packets of text messages silently and automatically, and you both keep moving down the road in either direction. If the software was a sneaky little virus, the people exchanging and carrying messages wouldn't necessarily know they were helping to deliver messages. I guess addresses would need physical location information to help route messages to the right vicinity, some general area but not a physical address that could be tied to one person. Your device would carry the packets until it linked to another device going the right way. Maybe confirmation packets could be sent back through more traditional channels if they were available, so you would know if your message was ever delivered, but you wouldn't have to send your "Start the Pikachu revolution!" message through those traditional channels. Anyway, it's the kind of thing I would like to model just to see if I could make it work.
posted by pracowity at 2:24 PM on March 23 [3 favorites]
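As an added illustration of the store-carry-forward scheme pracowity sketches above (this is not code from the thread, the paper, or any existing project, and the road, the nodes, the radio range and the messages are all constructed for the example), here is a toy model: nodes move along a one-dimensional road, a message is addressed to a stretch of road rather than to a device, and a node hands a copy to a passer-by only if that passer-by is heading toward the destination.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

RADIO_RANGE = 1.0  # assumed: two nodes can exchange only when at most this far apart


@dataclass(frozen=True)
class Message:
    msg_id: str
    dest_lo: float  # destination is a vicinity (an interval of road), not a person
    dest_hi: float


@dataclass
class Node:
    name: str
    pos: float
    velocity: float  # signed: direction and speed along the road, per tick
    store: Dict[str, Message] = field(default_factory=dict)


def heading_helps(carrier: Node, msg: Message) -> bool:
    """Hand over a copy only if the prospective carrier is moving toward the destination."""
    if carrier.pos < msg.dest_lo:
        return carrier.velocity > 0
    if carrier.pos > msg.dest_hi:
        return carrier.velocity < 0
    return True  # carrier is already inside the destination stretch


def exchange(a: Node, b: Node) -> None:
    """Symmetric opportunistic exchange when two nodes pass within radio range."""
    for giver, taker in ((a, b), (b, a)):
        for msg in list(giver.store.values()):
            if msg.msg_id not in taker.store and heading_helps(taker, msg):
                taker.store[msg.msg_id] = msg


def simulate(nodes: List[Node], ticks: int) -> Dict[str, Optional[int]]:
    """Return the tick of first delivery per message (None if never delivered).

    Delivery is observed by the simulation itself; the confirmation-over-a-
    traditional-channel idea from the post is out of scope here."""
    delivered: Dict[str, Optional[int]] = {
        m.msg_id: None for n in nodes for m in n.store.values()
    }
    for tick in range(1, ticks + 1):
        # 1. anyone currently within range swaps copies
        for i, a in enumerate(nodes):
            for b in nodes[i + 1:]:
                if abs(a.pos - b.pos) <= RADIO_RANGE:
                    exchange(a, b)
        # 2. everyone keeps moving; a carrier entering the destination delivers
        for n in nodes:
            n.pos += n.velocity
            for msg in n.store.values():
                if delivered[msg.msg_id] is None and msg.dest_lo <= n.pos <= msg.dest_hi:
                    delivered[msg.msg_id] = tick
    return delivered


def build_scenario() -> List[Node]:
    """Constructed scenario: alice walks west, bob unicycles east, carol walks west."""
    alice = Node("alice", pos=0.0, velocity=-1.0)
    bob = Node("bob", pos=0.5, velocity=+1.0)
    carol = Node("carol", pos=5.0, velocity=-1.0)
    alice.store["m1"] = Message("m1", 20.0, 22.0)   # eastbound: needs bob
    alice.store["m2"] = Message("m2", -10.0, -8.0)  # westbound: alice carries it herself
    return [alice, bob, carol]


if __name__ == "__main__":
    nodes = build_scenario()
    print(simulate(nodes, ticks=30))
```

In the constructed run, bob picks up m1 when he passes alice on tick 1 and carries it into the destination stretch at tick 20; carol, who later passes bob while heading the wrong way, is never given a copy; alice delivers m2 on her own at tick 8. Real designs of this kind (Briar and Scuttlebutt are mentioned further down the thread) add encryption and per-message identities on top of the forwarding rule, which this toy omits.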


On the contrary, automating, even for profits alone, is a pretty good idea. The question is how to get it done. Looks like it still needs some work.

I don't really think the problem with employers maintaining an electronic panopticon is that it isn't efficient enough.
posted by The Manwich Horror at 2:33 PM on March 23 [3 favorites]


@pracowity, the thing you are talking about exists in more than one form. IIRC Secure Scuttlebutt (https://www.scuttlebutt.nz/) works in this way, and Briar also (https://briarproject.org/). Implementations for Android devices are on f-droid.org for both of these and for others I've forgotten.
posted by Rev. Irreverent Revenant at 2:39 PM on March 23 [3 favorites]


I think I did a wrong thing and above urls did not linkify. Trying again:

https://briarproject.org/
https://www.scuttlebutt.nz/get-started/
f-droid
posted by Rev. Irreverent Revenant at 2:41 PM on March 23 [2 favorites]


Hey, this is some of that internet of shit I’ve heard about!

Neat.
posted by teece303 at 4:42 PM on March 23 [2 favorites]


Couldn't find a '70s trucker song for this story

Convoy.

(Or its ’80s Dr. Demento parody, Car Phone.)
posted by Melismata at 4:49 PM on March 23 [1 favorite]


Honestly if the headline sometime in 2025 is "internet truck worm disables US supply chain", I will feel less surprised having read this thread and its related articles.

I knew the internet connectivity of vehicles could be a problem but not to this level. It's good to be informed. It gives one something to scream into one's pillow about at 3am.
posted by hippybear at 4:54 PM on March 23 [1 favorite]


Jimmy Hoffa would be furious.
posted by clavdivs at 5:48 PM on March 23


You guys don't have enough to scream into your pillow about??
posted by Greg_Ace at 5:56 PM on March 23


Couldn't find a '70s trucker song for this story

well, it's not my first rodeo (nsfw lyrics - they bleeped the hell out of it on the radio)
posted by pyramid termite at 8:05 PM on March 23 [1 favorite]


I absolutely despise all of the tech in our lives that is nothing but vectors for malicious bullshit because the neckbeard who came up with the idea was incapable of seeing how it could ever be put to a bad use.

As a retired neckbeard I can assure you it's not us who thinks building all this shit in the most insecure possible way is a good idea. It's all marketing-driven. Gotta try to be first to market with minimum viable product, then keep ahead by adding unique selling points that nobody asked for, then a few years down the track maybe slap on a bit of security theatre before the keening and wailing from the cubicle farm gets loud enough to upset the customers.

Connecting CANBUS to any network outside the vehicle is a terrible idea. Any engineer would instantly say the same thing.

Marketroids, though? They go to Engineering and say, we can make it do this, yeah? And the engineers say well maybe, but that's a terrible idea because X Y and Z and horribly expensive failure mode Q and massive security hole H, and then the marketroids say well we promised Huge Customer they could have that by Thursday so you'd better get on it.

What amazes me is that people buy this shit despite technology long having passed the point of diminishing convenience returns for each new risk taken on.
posted by flabdablet at 11:16 PM on March 23 [9 favorites]


diminishing convenience returns for each new risk taken on

Too few people realise that convenience and security are a zero sum game. More of one always means less of the other.
posted by Paul Slade at 2:26 AM on March 24 [2 favorites]


Just to be pedantic, as I'm literally obsessed with trucker country music and have been for decades, "Phantom 309" is a 1960s hit country song, 1967 to be exact, written by Tommy Faile and made famous by Red Sovine (not to be confused with Red Simpson, who was more of a "trucker country" artist). Tom Waits covered it in 1975.

The heyday of trucker country is really the 1960s, not the 1970s. The success of CW McCall's (not a country artist) "Convoy" in the early 70s notwithstanding, the genre was dying out by then in the actual country music world.

In the modern era one artist has kept the trucker country subgenre going more creatively than anyone else, and that's the incredible, under-appreciated Texas country singer and songwriter Dale Watson. Here's a sample.

/nerd out
posted by spitbull at 3:41 AM on March 24 [9 favorites]


the genre was dying out by then

Considering 1976 gave us the top-40 extinction-burst of Teddy Bear, I think we can all be grateful for that.
posted by mittens at 4:25 AM on March 24 [1 favorite]


I don't really think the problem with employers maintaining an electronic panopticon is that it isn't efficient enough.


Again, the problem isn't the employer panopticon. Keeping track of their operations isn't only their right, it's their duty.

This isn't a story about some righteous ideology. That ship done sailed. It's an engineering story.
posted by 2N2222 at 6:04 AM on March 24


Again, the problem isn't the employer panopticon.

I'm going to disagree. We should do much less shipping by road, if public safety is the actual goal.

ELD has failed to reduce dangerous driving behaviors:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3314308

Truckers are maintaining the hours of service rules to the letter, but the most common dangerous behaviors, like speeding are encouraged.

Paper logs were commonly cited to ticket truckers with speeding, but checking electronic logs is much more time consuming. Trucking inspections by DOT have gotten more thorough trying to make up lost revenue from reduced speeding charges.

And much of the information collected by these systems is inaccessible to DOT or police. They do not show up on the log.

Middle managers love surveilling employees. The quality of the work is secondary to control. You can see that with the resistance to work from home, or employers wanting access to webcams, or for people to time their bathroom breaks. We should treat these impulses as suspect and require a clear proof of benefit to the public to permit them.
posted by The Manwich Horror at 7:15 AM on March 24 [2 favorites]


I like* that they separated the comms exploit and the hack into two separate components, thereby allowing the worm to potentially self-propagate in one initiative and deliver the payload or different payloads on compromised hardware at a later time.

*Like is used in a different sense here - more akin to oh crap!
posted by Nanukthedog at 9:11 AM on March 24 [1 favorite]


I agree with flabdablet. I was at dinner last night with tech people from 2 different companies, and they were lamenting that the 2024 mantras from above included “we need to be less cautious in 2024.” (Because being cautious lets other companies leapfrog you.)

The joke was “So, no more testing then?”, except sort of not a joke. Not to depress anyone, but I remember doing a tech evaluation long ago of an acquisition and our report said “Their tech is shit and totally incompatible with ours. Plus it’s riddled with fundamental security issues. Under no circumstances should we buy this company.” Guess what happened?
posted by caviar2d2 at 4:08 PM on March 24


our report said “Their tech is shit and totally incompatible with ours. Plus it’s riddled with fundamental security issues. Under no circumstances should we buy this company.”

And darkness fell upon the faces of the workers.

Guess what happened?

The workers spake amongst themselves and unto their supervisors, saying: It is a crock of shit, it stinks, and we want nothing to do with it.

And the supervisors went to their managers, saying: It is a container of excrement, and it is very strong, such that none may abide it.

And the managers went to the executives, saying: It is a vessel of fertilizer, and none may abide its strength.

And the executives spake amongst themselves, saying to one another: Our teams are saying it contains that which promotes growth, and is very strong.

And the executives went unto the Board, saying to them: It promotes growth and is very strong.

And the Board went unto the Chairman, saying to him: This new plan will actively promote the growth and vigor of the company, with powerful effects.

And the Chairman looked upon the Plan and saw that it was good.
posted by flabdablet at 6:20 PM on March 24 [9 favorites]


the CAN Bus system, it has no? few? security features

Physical isolation, traditionally. Other than that, none to speak of. There's actually a hack that came out recently where people were stealing cars by connecting a probe to the CANbus connection in the *headlight*.

FYI - CAN is for "Car Area Network".
posted by kjs3 at 2:25 PM on March 25
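To make concrete what "none to speak of" means for the CAN bus, and what defenders bolt on in place of the missing authentication, here is an added example that is not from the paper, the Fleet Maintenance article, or any product mentioned in the thread. It assumes classic CAN (11-bit arbitration ID, at most 8 data bytes), a candump-style text log, and that the IDs of interest are sent periodically by exactly one ECU; every log line below is constructed, not captured from a vehicle.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class CanFrame:
    timestamp: float  # seconds, from the capture
    can_id: int       # 11-bit arbitration ID: sets bus priority, says nothing about who sent it
    data: bytes       # 0-8 bytes; classic CAN has no sender field, no MAC, no sequence counter


def parse_candump_line(line: str) -> CanFrame:
    """Parse one '(<seconds>) <iface> <ID>#<hexdata>' line, the layout candump -L writes."""
    ts_part, _iface, frame_part = line.split()
    id_hex, data_hex = frame_part.split("#", 1)
    can_id = int(id_hex, 16)
    if can_id > 0x7FF:
        raise ValueError(f"not an 11-bit identifier: {id_hex}")
    data = bytes.fromhex(data_hex)
    if len(data) > 8:
        raise ValueError("classic CAN carries at most 8 data bytes")
    return CanFrame(float(ts_part.strip("()")), can_id, data)


def learn_periods(frames: List[CanFrame]) -> Dict[int, float]:
    """Median inter-arrival time per ID, from a capture taken while the bus was trusted."""
    arrivals: Dict[int, List[float]] = defaultdict(list)
    for f in sorted(frames, key=lambda f: f.timestamp):
        arrivals[f.can_id].append(f.timestamp)
    return {
        cid: median(b - a for a, b in zip(ts, ts[1:]))
        for cid, ts in arrivals.items()
        if len(ts) >= 3
    }


def detect_injections(frames: List[CanFrame], periods: Dict[int, float],
                      tolerance: float = 0.5) -> List[CanFrame]:
    """Flag a frame arriving sooner than tolerance*period after the last *accepted*
    frame with the same ID. Anchoring on the last accepted frame means a single
    injected frame does not also get the genuine frame behind it flagged."""
    last_accepted: Dict[int, float] = {}
    flagged: List[CanFrame] = []
    for f in sorted(frames, key=lambda f: f.timestamp):
        period = periods.get(f.can_id)
        if period is None:
            continue  # aperiodic or unknown ID: timing says nothing, so the detector abstains
        prev = last_accepted.get(f.can_id)
        if prev is not None and f.timestamp - prev < tolerance * period:
            flagged.append(f)
        else:
            last_accepted[f.can_id] = f.timestamp
    return flagged


def constructed_log(start: float, count: int, period: float,
                    id_hex: str, data_hex: str) -> List[str]:
    """Constructed candump-style lines for one periodically transmitted ID (not a real capture)."""
    return [f"({start + i * period:.6f}) can0 {id_hex}#{data_hex}" for i in range(count)]


# Baseline: two periodic IDs (10 ms and 20 ms) recorded with nothing foreign on the bus.
BASELINE_LOG = (constructed_log(0.000, 10, 0.010, "123", "00FA0000")
                + constructed_log(0.000, 5, 0.020, "2A0", "1122"))

# Later capture: the same 10 ms stream plus one frame somebody else put on the wire.
# Nothing in the frame says it came from a different node; only payload and timing differ.
ATTACK_LOG = constructed_log(0.100, 10, 0.010, "123", "00FA0000") + [
    "(0.103000) can0 123#FFFF0000",  # injected (constructed payload)
]


def analyse() -> Tuple[Dict[int, float], List[CanFrame]]:
    periods = learn_periods([parse_candump_line(l) for l in BASELINE_LOG])
    capture = [parse_candump_line(l) for l in ATTACK_LOG]
    return periods, detect_injections(capture, periods)


if __name__ == "__main__":
    for f in analyse()[1]:
        print(f"suspicious 0x{f.can_id:03X} at {f.timestamp:.3f}s data={f.data.hex()}")
```

The parser shows the whole problem: a frame is an ID plus bytes, so a probe on any branch of the harness can emit an ID that a legitimate ECU owns. The timing check is the usual compensating control, and its limits are worth stating: it only covers IDs that are strictly periodic, it cannot say which node transmitted, and an attacker who first knocks the genuine ECU off the bus and then transmits at the expected cadence passes it untouched.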


There's actually a hack that came out recently where people were stealing cars by connecting a probe to the CANbus connection in the *headlight*.

Let me guess, the solution will be cryptographically-signed headlights...
posted by clawsoon at 8:53 PM on March 25


...that need a special tool to make them pair with the car, which they need to do in order to switch on; and not only is that tool unavailable to anybody but the car manufacturer's authorized service centers but the headlights and the pairing tool both have firmware that's serialized, encrypted and digitally signed by the manufacturer, and every single pairing operation needs to be authorized by an online service operated by the manufacturer, so that the car will refuse to pair with any headlight or using any pairing tool whose firmware is known to have been leaked, and using the high beams requires the driver to have an active Visibility Enhancement Option subscription.

Because "safety".
posted by flabdablet at 11:47 PM on March 25 [1 favorite]



