Your USB Battery Bank Is Cheating On You

Did you know your USB Battery Bank is cheating on you?  Do you know what a USB Battery Bank is?  Let’s cover the latter question first.

What Is A USB Battery Bank?

Most of us these days have lots of tech devices and all those tech devices LOVE to eat power.  Many of them have rechargeable batteries, and, in many cases, if you don’t attach them to a power cord every few hours, you’ll be getting a blinking and / or beeping indicator that the battery is almost dead.  Many of these devices now have a micro USB power plug, and thus can be charged from the USB port on a PC (if they only need 500 mA of current) or from a USB power adapter like you can plug into your house electrical outlet or your car’s cigarette lighter.  The latter two devices can usually supply 1 A of current or even 2+ A of current for larger devices.

But, what if you’re not near a power outlet?  What if you’re on a trip?  What if you’re roaming around in your car without a power adapter?  What if you’re walking down the street and your device’s battery is dying?

This is where the USB Battery Bank comes in.  These go by different names including: USB Battery Bank, USB Battery Pack, USB Power Bank, USB Power Pack, and various other permutations.  The concept is simple.  The manufacturers take a rechargeable battery, some control electronics, some status indicators, and a few buttons and connectors and package all that up in a portable case.  When it’s done, you have a portable battery that you can take with you to pump up the charge of your other devices when you need to, within the capacity limits of the portable battery.  Most smaller battery banks charge from a USB plug.  Some larger ones charge from AC power.  The output is a USB port with an output voltage of 5.0 V.

So, you charge up your USB Battery Bank and take it with you to your car or on your walk.  When your cell phone with its big bright screen starts getting low on charge, you connect the USB Battery Bank to the phone and charge the phone’s battery.  Life is good.

Your USB Battery Bank Is Cheating On You

Now, back to my first question.  Did you know your USB Battery Bank is cheating on you?  No, it’s not helping your spouse arrange secret dates.  IT, itself, is cheating on you.  It’s deceiving you, and you don’t even know it.  It starts deceiving you the moment you look at it in a store, in a catalog, or online.

This applies to USB Battery Banks in travel routers and similar devices as well as stand alone devices of almost any brand.  If you buy one of these USB battery banks, of almost any brand, you are automatically being snookered.  That’s because the entire industry uses deceptive labeling and is misleading people about the battery bank output capacity.  The unit I bought says it has a 6000 mAH capacity.  Well, I NATURALLY assumed, as most consumers would, that I could get 6000 mAH from the OUTPUT port.  So, you’d think you could charge a 2000 mAH device about 3 times.  Well, you CAN’T.  I actually requested a replacement device because I wasn’t getting enough charge from the output.  That was before I learned what I’m about to share.

Basic Electronics

Battery specs involve 3 basic parameters: nominal (average) voltage, current capacity over time, and total power capacity.

A word about prefixes.  In the context of these discussions, the prefix “m” means the metric prefix of milli, which means 1/1000.  So, a milliamp (or mA) is 1/1000 of an Amp.

We can make some general analogies between electricity in a wire and water in a container or hose.

Current, measured in Amps (or fractions of it), is a FLOW RATE of electricity.  It is roughly analogous to gallons per minute of water.

Voltage, measured in Volts (or fractions of it), is essentially ELECTRICAL PRESSURE.  It is roughly analogous to pounds per square inch of water pressure.  Note that I said ROUGHLY analogous.  The important thing to know is, the more pressure, the more quickly the current wants to flow and the more it wants to break through barriers.

Finally, power is the combination of voltage and current and represents the ability to do work at a certain rate.  The term horsepower literally is derived from the rate at which a strong healthy horse can do work.

Electrical power is measured in Watts (or fractions of it).

The analogy to water is this: say you have a tank of water under pressure.  You let the water come out of a pipe and turn a turbine.  The more pressure, the more flow, and the more power the water has and the more work the turbine does, because of both the pressure and the flow.

Battery Ratings

Batteries are rated by 3 primary factors:

voltage output – The average voltage that the battery maintains while its output is usable.
mAH – milliamp-hours – While the battery output varies continuously, if it can provide, on average, 1 mA of current for 1 hour, that is 1 mAH.  This measures the total amount of electricity it can provide.
mWH – milliwatt-hours – While the battery output varies continuously, if it can provide, on average, 1 mW of power for 1 hour, that is 1 mWH.  This measures the total amount of power it can provide.

How The USB Battery Bank Deceives You

As I mentioned before, I and the average consumer would assume that if the box says 6000 mAH, that the battery BANK, the device I’m holding in my hand, would output that much current on the OUTPUT port AT the OUTPUT VOLTAGE, which, for USB, is 5.0 V.  This is not the case.

The problem is that the rating on the box is (in almost all cases) the rating of the BATTERY, not the BATTERY BANK!

If the battery bank has a Lithium Ion battery inside, which many do, that battery would have an output voltage of 3.6 V.  Little did you or I know, but the rating on the box is the rating of THAT battery at THAT voltage.  So, it can output 6000 mAH in our example AT 3.6 V.

You can calculate DC (battery) power by multiplying current times voltage, so:

6000 mAH x 3.6 V = 21,600 mWH

That is the total power the battery can supply.  HOWEVER, we have to divide by 5 V if we want to find the mAH at the USB output.

21,600 mWH / 5 V = 4320 mAH @ 5.0 V

This is the current capacity that should THEORETICALLY come out of the USB port.  BUT, that’s not the end of the story.

Between the battery and the USB output port is a device called a “boost converter”.  This device converts the 3.6 V coming from the battery to the 5.0 V at the USB output port.  This device can be very efficient or very inefficient.  I’m going to use some pretty much worst case numbers here but these correlate well to my testing on the battery bank I have.  Assume this device is 75% efficient.  That means we will lose 25% of our theoretical output.  So:

4320 mAH x 75% = 3240 mAH @ the USB OUTPUT port @ 5.0 V

So, the bottom line is, with a 6000 mAH USB Battery Bank, you may only get 3240 mAH out of the USB port to charge your devices.

You actually get about 1/2 of the capacity FROM THE USB OUTPUT port versus what’s stated on the box in almost all cases.

I’ve created a chart which shows about how much energy you can expect to actually get out with different USB Battery Bank sizes.


[Chart: USB Battery Bank Output]

Here’s a link to the chart in a PDF file:

How to read the chart:

Column 1 – Shows the battery bank rating you might read on the packaging.
Column 2 – Shows the total power the battery can supply.
Column 3 – Shows the theoretical current capacity available at the USB output port @ 5.0 V.
Column 4 – Shows the assumed boost converter efficiency.
Column 5 – Shows the likely current capacity available at the USB output port @ 5.0 V.

Additional Info And Resources

You can use the following device to actually measure what’s coming from the USB port.

Also, be aware that normal USB charging cables are not rated for high currents.  They are typically designed for 0.5 A (500 mA).  You can use the following cable to get better results with higher charging currents, assuming your battery or power supply is capable of that.  Note, however, that these cables are only for charging.  They do not transmit data.  This can be a good thing if you want to protect your devices from being infected with a virus coming from the charger.  (YES, that can happen.)  Not sure if these work with Apple devices or not.

Here are some other blog posts on the subject:

Enjoy.  As always, Let The Buyer Beware!


You, Yes YOU, Should Care About IOT Security

Posted: February 18, 2016 at 12:32 AM EST
Updated: June 9th, 2016.
Updated: March 6th, 2017 at 02:35 PM EST
—Added this article to some other categories.  Added RSS links at the bottom.

One of the things on many people’s wish list is an IOT item of one kind or another.  Before I go on, I should define that jargon word.  IOT stands for Internet Of Things.

For the purposes of this discussion, I’m going to consider an IOT thing to be any network connected device that is not a traditional computer, tablet, or smart phone, and particularly those devices that are not used for traditional office tasks like word processing and email.

I realize this is a bit vague.  If you connect a monitor, keyboard, and mouse to a Raspberry Pi, it could be used like a traditional computer.  But, if you make a weather monitoring station out of it and connect it to the net, I’d call it an IOT thing.

What IOT things might be on your wish list or shopping list?  Smart TV’s, smart DVD players, web cameras, connected doorbells, smart thermostats, home automation equipment, connected refrigerators, connected toasters, connected coffee pots, security cameras, smart garage door openers, and so on.

Here is why you, yes YOU should care about IOT security.  I do not attempt to do an in depth analysis on the subject.  This is more of a brief “literature review” to pique your interest and get you to look at it in more depth.

First, credit where credit is due.  This article was primarily inspired by several Security Now podcasts by Steve Gibson.  I always get good stuff from him.

Security Now Web Page

Episode 545 – Three Dumb Routers

Episode 559 – Dumb SmartThings

Episode 560 – Z-Wave Goodbye

Episode 562 – IOT Infancy

Episode 563 – IOT Infancy PT 2

Although I’m painting with a broad brush here, suffice it to say that IOT things ABOUND with and are OVERFLOWING with security problems.  This is not to say that all things have problems, but most do.  The problems range from the THING having a flaw which allows someone to steal the WiFi key to your network, to the THING leaking or sending your private data or habits to an insecure server, to the THING being hacked remotely and taken over, etc.

You NEED to read this book.  Don’t mess around and don’t wait.  Just go to Amazon and get it and read it.  I don’t make any money if you do, and there’s no referral code in the link.  But, it’s good info that you need to know.  Most of you have NO IDEA how much danger you or your kids may be in from cyber crime and from those cool IOT things.

Future Crimes – By Marc Goodman – also in Audible and Kindle.

If you buy IOT things, consider connecting them to their own separate WiFi router in your home.  That router should then be connected to a main router which should then be connected to your cable / dsl modem.  Your Non IOT things would be connected to a third router which is also connected to the main router.  Note, however, that to talk directly to your IOT thing, like a camera, you’d have to attach your phone / tablet / pc to the IOT router.  If the IOT thing talks to an external service on the net, and your phone / tablet / pc talks to that service to interact with the IOT thing, there should be no problem communicating with the IOT thing.

Below is an example diagram of how you could connect your things on their own router.  This helps isolate the things and minimizes damage and danger to your network if one or more things is compromised.

[Diagram: IOT Router Diagram]
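
The isolation this three-router layout provides, as an added example that is not part of the original article: a small Python model that compares it with a single router and with two chained routers, which goes beyond the one layout described above. It assumes default consumer NAT behaviour (no port forwards, no UPnP, no static routes), and all host and network names are made up.

```python
"""Reachability model for the router layouts discussed above (added example).

Assumptions, not taken from the article: every router is a default consumer
NAT router that forwards connections started on its LAN side out of its WAN
port and drops unsolicited connections arriving on the WAN port (no port
forwards, no UPnP, no static routes). Host and network names are made up.
Only connection initiation is modelled, not sniffing on a shared segment.
"""

IOT = ("camera", "thermostat")   # untrusted "things"
TRUSTED = ("laptop", "phone")    # devices holding your data


class Network:
    """A LAN segment; `uplink` is the network its router's WAN port plugs into."""

    def __init__(self, name, uplink=None):
        self.name = name
        self.uplink = uplink

    def upstream(self):
        """Yield this network, then each network crossed on the way out."""
        net = self
        while net is not None:
            yield net
            net = net.uplink


def place(iot_net, trusted_net, internet):
    """Build a layout: a mapping of host name -> Network it is attached to."""
    layout = {"cloud-service": internet}
    layout.update({h: iot_net for h in IOT})
    layout.update({h: trusted_net for h in TRUSTED})
    return layout


def three_routers():
    """The article's layout: IOT router and PC router both behind a main router."""
    internet = Network("internet")
    main = Network("main LAN", internet)
    return place(Network("IOT LAN", main), Network("PC LAN", main), internet)


def flat():
    """Everything on one router, the common default."""
    internet = Network("internet")
    lan = Network("home LAN", internet)
    return place(lan, lan, internet)


def two_routers(iot_on_inner):
    """Two chained routers; the IOT things sit on either the inner or outer one."""
    internet = Network("internet")
    outer = Network("outer LAN", internet)
    inner = Network("inner LAN", outer)
    return place(inner, outer, internet) if iot_on_inner else place(outer, inner, internet)


def can_initiate(layout, src, dst):
    """True if `src` can open a NEW connection to `dst`.

    Packets only pass LAN -> WAN unsolicited, so `dst` must be on the source's
    own LAN or on a network upstream of it.
    """
    return any(net is layout[dst] for net in layout[src].upstream())


def exposure(layout):
    """(thing, trusted host) pairs a compromised thing could connect to."""
    return sorted((i, t) for i in IOT for t in TRUSTED if can_initiate(layout, i, t))


if __name__ == "__main__":
    cases = {
        "flat": flat(),
        "two routers, IOT on inner": two_routers(True),
        "two routers, IOT on outer": two_routers(False),
        "three routers": three_routers(),
    }
    for name, layout in cases.items():
        print(f"{name:28} things->trusted paths: {len(exposure(layout))}, "
              f"laptop->camera: {can_initiate(layout, 'laptop', 'camera')}, "
              f"camera->cloud: {can_initiate(layout, 'camera', 'cloud-service')}")
```

In this model only the three-router layout blocks new connections in both directions between the things and the trusted devices, while both sides can still reach an outside service.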

Below is a list of links I found that looked interesting by googling for IOT hack attack.  I didn’t read every word, but scanned them for the gist of the article and for quotes.  These should serve to introduce you to the issues involved.  I may edit this post later with some more tips, but for now, just know that you, yes YOU should be concerned about IOT security.

You may keep up with updates to this article via the RSS feeds for the IOT category or the security category or any other category which is listed at the bottom of the article.

See list of links below.

“hackers could remotely seize control of over a million Chrysler automobiles”
hypothetical scenario of attack on kitchen oven leads to shut down of power grid
“between 26 and 212 BILLION devices will be connected to the web by 2020”
“5 things that can already be hacked – webcams, automobiles, refrigerators, printers, medical devices”
“shopping mall cctv cameras are launching ddos attacks”
“nearly 70% of attack victims are targeted for the purpose of advancing a different attack against another victim”
“any connected device can be a pivot point into your network”
“many people take home sensitive corporate material”
“wifi connected coffee maker … hacker can drive past your house and steal your wifi key”
“if you haven’t configured your kettle … hackers can … take over your kettle”
“675,186 — the number of cyber attacks against industrial control systems that occurred in January 2014”
“hackers attacked a German steel mill, causing serious damage to a blast furnace”
“Researchers have uncovered security flaws in Samsung’s IoT smart fridge which can be exploited to run man-in-the-middle (MITM) attacks.”
“Earlier this year, tests conducted by the Defense Department identified cybersecurity vulnerabilities in Apache helicopters, drones, Army radios and Navy ships.”
“Security cameras, drones, door locks and a home automation system were found to have vulnerabilities.”
“drone, made by a company called Parrot, has a widely known flaw that allows others to gain control of its systems”
(not IOT specific but still relevant)
“75% of Businesses Not Engaging Full Board (of directors) in Security”
“458% increase in the number of times hackers searched Internet of Things connections for vulnerabilities”
“51% of organizations are not re-evaluating their information security as a result of high-visibility data breaches”
“78% of all employees do not follow the security policies set forth by their employer”

This next one is scary.
“10 IoT security breaches (so far), which you’re probably not aware of.”
“nuclear facilities, steel mills, energy grid, water supply, hospitals, building infrastructure, oil rigs, firearms, airplanes, the kitchen”
target breach was carried out by an attack on hvac maintenance system
hp analysis – 10 most popular IOT – “found 250 different security vulnerabilities in the products”
“We need to understand that EVERYTHING we connect to the network might be a stepping stone for an attacker”
“After researching the network storage devices I found over 14 vulnerabilities that would allow an attacker to remotely be able to execute system commands with the highest administrative privileges”
“smart TV from Vizio that was subjected to a man-in-the-middle attack because it couldn’t be bothered to validate the HTTPS”
“exploits a vulnerability in the firmware of a widely-installed hotel room, opening the door”
“FBI Warns Public on Dangers of the Internet of Things”
“We’re at a crisis point now with regard to the security of embedded systems”
“In short, hackers have an incentive to create an army of malware-infected toasters.”
“Europol, Europe’s crime intelligence agency, believes that the Internet of Things era will be dominated by new types of hacking attacks, including the potential death”
“possible to hack into an Internet-connected insulin pump”
“Researchers hack a pacemaker, kill a man(nequin)”
“FDA issued a warning to the public regarding the security risks associated with the use of Hospira’s Symbiq infusion pumps.”
“(FBI) Deficient security measures, patching challenges and a lack of security awareness have provided cybercriminals opportunities to remotely attack these devices”
“Each attack had an immediate impact on the (telesurgery) robot, making it difficult to control and carry out the operation”
“a spam campaign totaling 750,000 malicious emails originated with a botnet made up of ‘more than 100,000 everyday consumer gadgets’”
“Smart meters widely used in Spain can be hacked to under-report energy use, security researchers have found.”
“alarming security gaps in the world’s critical infrastructure organizations”


CONSUMER Thoughts on Abusive TV and Online Ads

TV ads and online computer ads in particular are getting more and more intrusive, abusive, generally obnoxious, and sometimes really harmful.  One of the podcasters I listen to has been discussing the issue.  He has a conflict of interest since his network is ad supported.  But, he at least tries to be fair and non abusive to consumers.  Here’s a note I sent to him on the subject, expressing my opinion.  It is modified slightly to make it more generic.

Hello podcasters.  I’ve been finding your discussions on the podcast regarding ads interesting.  I do see both sides of the fence, sort of.  But, as a consumer, the FIRST thing I’m going to do is protect my interests.  I have a number of thoughts, which you’re welcome to use on the show as you wish.

My ad policy on the web is the same as it is on tv – I disregard almost all ads.  Let me tell you who I am as a consumer.  I don’t think I’m uncommon.  I’m middle class.  I have limited discretionary income, space, and time.  I don’t need to be sold to.  I know what I need and want (for the most part) and I know what I can and cannot afford.  For an ad to stay in front of my face and for me to pay ANY attention to it, it has to be relevant to me.

I don’t need a new car, no matter how pretty.  I cannot afford it unless I wreck mine and then it’s going to be used and old.  I don’t need new car insurance.  I don’t need any of a dozen dangerous new prescription drugs.  I don’t need fat control drugs that probably don’t work.  I don’t need a new mortgage.  I don’t need the latest kids candy with all sorts of dye in it.

So, for 99.9% of ads on tv, within 3 seconds, or even if I’m buzzing past with the remote, I can see they’re not relevant to me.  At that moment, they’re dead to me.  I don’t need to be sold and I don’t need to be persuaded that I need something that I don’t.  The ad is gone.  I almost never watch live tv because it’s simply too painful and too much of a time waster to lose 25 minutes out of every hour to non relevant commercials.  I record almost everything and skip almost all ads.  I voluntarily get some electronics ads in email, which have lots of good geeky stuff.  But, for several weeks, I haven’t bought anything, since I have almost more tech now than I can maintain, and don’t have time or money or space for something else.  In case of one of your ads, (nothing against it) for (XYZ Co) shaving stuff, that ad will NEVER hook me.  Why?  I don’t shave except every 6 weeks or so.  (OK that may be unusual.)  And, I NEVER use a blade.  It’s clippers or electric razor for me.  I’m not the customer.  Your ads in the podcasts are fine, and occasionally useful to me.  But, I’m still skipping them if I’m not interested.

ASSUMING an ad gets past the relevancy test, there are several other things which will immediately turn me off.  If the ad fails any of these tests, it’s out.  Everybody’s preferences here will be different.  Some of these mainly apply to tv.  I’ll get to pc’s later.  The problems with pc based ads are one reason not to have a smart tv which could act similarly.

NO yelling, screaming, shouting – if so, it’s OUT.

NO morally crude or offensive content – if so, it’s OUT.

NOT corny, stupid and idiotic – personal taste, but, stupidity drives me away.  I don’t need my bottle of laundry detergent jumping up and down and talking.  (I think graphics design has hurt advertising.)  I don’t need to see someone acting like a moron on the screen.  I’m a (prominent insurance co) customer, but I hate most of their ads except the main one.  I’m an engineer.  Most things most people think are funny, I don’t.  Emotion is NOT what makes a great car a great car.  Most people who drive their kids around in a car love their kids.  BRILLIANT ENGINEERING is (presumably) what makes a great car a great car, so the owner can express his love safely to his riders.  If it’s stupid, it’s OUT.

For pc ads, FIRST and FOREMOST, I must be able to surf safely.  This means NO 3rd Party content and NO 3rd Party scripting.  It’s too dangerous.

I trust the MAIN site.  I may trust a CDN.  I trust somebody like PAYPAL for payments.  Etc.  THAT’s ALL.  PERIOD.

If an ad meets the above criteria, it must continue to satisfy these tests:

Most fundamentally, it cannot be intrusive and abusive.

NO popups – if so, it’s OUT.

NO takeovers – if so, it’s OUT.

NO animation, jumping, dancing, moving – unless I ask for it by clicking play or something.  If so, it’s OUT.

NO sound without me asking – if so, it’s OUT.

NO video without me asking – if so, it’s OUT.

NO changing the colors, fonts, windows, menus, status bars, or UI of my screen.  If so, it’s OUT.

NO hiding any elements of my screen or controls – if so, it’s OUT.

NO flashing ANYTHING – if so, it’s OUT.

And most of all, NO TRACKING me across sites!  PERIOD.  If so, it’s OUT.

So, if you want to advertise something to me which is relevant, reasonable, non offensive, non stupid, and affordable to me in time, space, and money; I might look at it / play it / consider it.

That’s it.

You and the whole industry need to forget pay per click and pay per impression.  FORGET IT!

You need to focus on pay per action or pay per buy.  Give me a discount code for one of your various sponsors, which you generally do.  If I go there and buy, you know, and they know, you sent them the customer.  End of story.  That’s the only thing that matters.

Also consider a freemium model like what they’re doing on some podcasts.  Basic content is free / ad supported.  Patreons get bonus content.

Finally, you need to host the ads yourself and vet the ads yourself.  NO 3rd party proxy!  You take responsibility for not damaging my pc.

Well, those are my thoughts.  Use as you see fit.  I may be an advertiser’s worst nightmare, but I don’t think I’m that atypical.


Thinking About Cyber Security for your CAR

Published: March 11, 2015 at 07:08 PM EST
Updated: March 6, 2017 at 10:01 AM EST
— Added this article to IOT categories as well as some others.  Added links to RSS feeds at the bottom.

I have been involved in discussions lately on a discussion list regarding cyber security for cars.  This is becoming a significant problem, with numerous reports of researchers demonstrating vulnerabilities in modern cars that can be attacked, and sometimes of crackers exploiting them.  The car manufacturers are apparently more concerned with function than security.  The information below is adapted from those discussions.

A recent Security Now podcast was on the topic of Vehicle Hacking. They interview the team that was on 60 minutes who hacked the test car that Lesley Stahl was driving and disabled the brakes. The researchers are Lee Pike and Pat Hickey. The first part of the show has some other security related news and some non security related news and even some fluff. I don’t mind listening to it. However, if you want to jump to the meat and potatoes, the interview segment starts at 59:20.

The researchers are a bit cagey and vague, because they don’t want to attack specific manufacturers and they don’t want to give the bad guys any help. They say all manufacturers are equally bad. But, it’s interesting nevertheless.

You can access the show at:
Low bandwidth versions, show notes, and transcripts will be posted here later:
Here’s an article from the CBS site about the 60 minutes show including a short but scary video clip:

Here are my conclusions: Your car IS internet of things, and, it’s heavy, mobile, fast, and potentially deadly. You might want to avoid cars with communications to the outside world, since it’s sometimes possible to call the car’s built in cell phone number and hack into it. You might want to avoid cars with extensive automation. When this becomes prevalent in terms of year models is up for debate. As I’ve said in another thread, I’ve avoided some 2011 and 2012 cars last time I was shopping due to them having “electric” steering. One of the researchers said he was “somewhat optimistic” about security. That did NOT give me confidence.

(For this piece, I had expressed concerns about the lack of the auto makers’ response to growing evidence that there are potential problems.  Someone else asked what response would be appropriate, how fast should it be, how do you know if they responded, and who determines what response should occur.  These were my thoughts.)

I have a few thoughts. Those ARE hard questions. Here are some general ideas. I’m not an expert in legalities, politics, automation, automotive design, or security; just an interested consumer. Some of my answers create more questions.

First, every “thing” we mandate to be added to a car increases cost. Every law we add to an industry increases the complexity and risk to provide the products to us, which increases cost. I am not a fan of big and pervasive, sometimes onerous and intrusive government regulation. But, it seems self regulation isn’t working. I think we’d agree that door locks, air bags, anti lock brakes, traction control, stability control, seat belts, crumple zones, crash tests, and roll cages, etc. are a good idea. I think most if not all those are mandated now. It’s likely that we wouldn’t have them, except as expensive “options” if they weren’t mandated.

At the very least, manufacturers shouldn’t be negligent, whatever that is.

Let’s think about a kid’s tricycle for a moment. What does the manufacturer have to do not to be negligent? Unfortunately, the answers contain lots of ambiguity. I’m making this up; this is not a legal recitation.

* all the parts should fit together appropriately
* the parts should carry out their function
* they should be sturdy enough to withstand the expected usage, including a kid jumping up and down on them or tumbling the trike down a hill or whatever
* it should last a reasonable amount of time
* it should not have small parts kids might choke on
* it should not be toxic
* the interaction of the parts should not be prone to cut or pinch or bruise the kid

And so on. These are things that most buyers of trikes would expect them to do. If the handle bars, rear axle, or pedals break under reasonable use, that’s a problem. We know trikes are inherently unstable while cornering. Does that make the manufacturer negligent for not putting 10 training wheels on it? Probably not. People don’t expect it to have that and most people know the things are unstable. What if the rear axle has places for a kid to stand but there are no grippy rubber pads? I don’t know about that. If you’re going to encourage a kid to stand there by having a platform, maybe you need grippy rubber pads.

Are they negligent because the trike doesn’t have brakes? Probably not. People don’t expect them to have brakes. You brake by applying back pressure to the pedals or dragging your feet on the ground. But, what if there comes a time when most trikes DO have brakes? That may change things. If everyone expects trikes to have brakes, and may have even grown up riding one that did, and somebody sells a trike without brakes, then people might consider them negligent. So, what is appropriate and what is not appropriate is to some extent related to customers’ and juries’ expectations.

I don’t know where I read it, but, we’d all be much safer if we rode around in an Abrams Tank. But, most people don’t want to pay $ Millions for their ride and use 5 gallons of fuel (or whatever) per mile. Engineering is always a trade off of how to get the most value and safety for the least money. The question is, where do you make the trade offs so you don’t have to pay $ Millions for your ride and so most reasonable people wouldn’t think you’re negligent.

Here are some things to think about. Hopefully, you have customers and juries of average but hopefully intelligent and sincere people. What do they expect? What should they expect? In the legal world, you have to talk about reasonable doubt and preponderance of evidence. Is there a reasonable doubt that XYZ Co. is negligent? Is there a preponderance of the evidence that they are?

Again, it partly gets back to expectations. Is making a certain small car that likely bursts into flames when it’s rear ended negligent? Yes. Is making a car without brakes negligent? Yes. Is making a car without dual redundant brake systems negligent? Don’t know. Is making a car without air bags negligent? Yes. Because we have DEFINED a standard, and law, that says we consider that to be a mandatory part of a car.

Two other terms to consider are “best in class” and “industry standard”. Frequently, if you don’t do something that’s “industry standard”, you might be negligent. Sometimes, if you don’t do something that’s “best in class”, you might be negligent.

See the following web resources:

In terms of cars specifically, I think your 5 star framework is good. I think there are 4 key tiers of safety to consider. Operational and crash safety, which they have a pretty good handle on. And, safety from attack and sabotage, which is a whole new realm.

For the latter two, I think we should put EXTREME efforts into preventing attack remotely WITHOUT physical access to the car. Those systems related to this should employ best in class preventive measures. The dangers from remote attacks are potentially catastrophic. The ability to launch a remote attack from a distance and probably not get caught is a severe risk that makers should consider.

I think we should employ SUBSTANTIAL efforts into preventing attack WITH physical access to the car from the OUTSIDE. A car maker can never prevent a perpetrator from planting a bomb under a car. But, the maker can make the key systems of the car inaccessible from the outside and can make it very hard to get inside the car.

I think we should employ REASONABLE efforts into preventing attack WITH physical access to the car from the INSIDE. Theoretically, we’re very selective about who we let in our cars and who can connect to the OBD port, for example. But, some precautions should be taken to avoid dangerous things and malicious things from inside. Maybe it should be impossible to reprogram the ECU to violate certain laws or create hazardous operations. If I happen to plug in a memory stick to the entertainment system, even if it has a virus on it, it should not be possible for that to infect critical parts of the car.

By the way, I dread the day when I go to my car, try to crank it, and a display says, please wait while we update the firmware of 28 microcontrollers. Please plug a LAN cable into your front porch. We are currently updating the firmware in your door handle. Please do not attempt to exit the vehicle. This will take about 22 minutes. …

(This further addresses some relevant points.)

I just reread the main points of your 5 star framework doc.  It’s good.  Just a thought, you might wish to add an “information privacy” star.  Consider that the car may have access to and may store: everything in your phone via bluetooth, all your favorite locations via the nav system, your garage door access codes, all your driving habits, the times you go places, the people you talk to, when and if you text and to whom, even (potentially) how often you have passengers and how many and how heavy they are (from seatbelt and air bag seat sensor telemetry).  It might even know if you’re using a car seat for your kid or not.  Private information should not be shared, made available, or hackable, except where it may be subject to law or subpoena.

This can be a big issue with the evidence capture portion of your document.  Who’s entitled to obtain telemetry from your car and when?  The car maker?  The cop on the street?  Your insurance company?  Your mechanic?  A crash investigator?  A court?  A reporter?  YOU?  What about live, on the fly telemetry and monitoring?  Can this data be transmitted out when you’re driving?  After all, new cars have a connection to the net.  And, even if it could be and should be, is it properly encrypted and secured?

Also, all the user based data and history should be erasable by the user in order to sell or dispose of the car and this process should be certifiable.  And, what do you have to keep for “evidence” before a crash?  After a crash?  What if the car is totaled or has a salvage title?  What if it’s stolen?  What data lives forever?  Not sure I like the idea of NTSB airline-like crash investigations for auto wrecks.

I just noticed that you do mention some stuff about privacy in your document.

In terms of updates, just like with computers, there’s an issue of how long you can get the updates.  How many updates are the manufacturers on the hook for and how many years?  How much tech support are they going to provide?  What if users are non technical, or don’t have internet, or phone?  My car should NEVER just stop working, even if it cannot get its updates.

It’s a brave new world.

Then there’s the whole other thing of people being snooped on with the onboard help system, etc.

Finally, some things should have manual over-rides.  For example, making this up, but, if the user is pressing hard enough on the brake pedal, then the brakes should apply … period.  Based on the unintended acceleration issues with prior name brand cars, I told my wife to remember, if she ever HAS to shut down the car as a last resort, press and hold the magic Start button.  Hopefully, that would work.

Also, the user should be able to disable all outside wireless contact to the world if he wants.

A Tiny Start Towards a Paperless Home, Scanning, Print To PDF

This article will show you how to get started eliminating paper in your home or office and going all digital with scanned images stored on your computer.  It’s a bit long, but has lots of good data.  Also, though, note that it is just an introduction to the topic.

Note that it’s the DATA that’s really important on your computer.  The more important data you have on there that you don’t want to lose, the more important it is to back up the data.  All hard drives crash.  It’s just a matter of when.  Scanning all your important papers, especially if you discard the paper, will make it all the more painful if your computer crashes.  Also, be aware that scanning certain types of confidential papers into your computer will make it more important to maintain your computer security and more critical if the computer data is stolen, or the computer is stolen.

How many of you have ever heard of the term “paperless office” or “paperless home”?

How many of you have ever seen one?  It turns out it’s a very hard thing to do for a variety of reasons.

For some time, I’ve had a motive to at least move in the direction of paperless at home.  I don’t have much space to file papers, and I’m terrible at doing so.  They usually end up in a pile, or several piles, or they end up in piles of file folders.  Sometimes, papers of similar nature end up in different piles.

Now, I do keep important papers like medical records or bills and do the best I can to find a place for them.  But, there are many other papers I have which might be conducive to conversion to digital with the right technology.  For a long time, I’ve been eyeballing high speed document scanners like the Fujitsu ScanSnap.  However, I have been unable to afford the $400 ish price.

Well, coincidentally, I just recently had a need to replace a printer.  I ended up getting a Brother multifunction laser printer scanner copier with 35 page automatic document feeder (ADF).  I’m not mentioning the name since this isn’t really intended as a printer review.  But, I think the combination of things it has may help me get a start into going paperless.

Printer, Scanner, Copier, ADF (Automatic Document Feeder)

The printer and software have 6 key elements which help me out:

  • A) It’s wireless and attaches to my LAN.  That means I can put the printer anywhere I want and I can attach to it from any PC.
  • B) It can print.
  • C) It can copy.
  • D) It can scan.
  • E) It has document management software, an older version of Nuance PaperPort.
  • F) It has a 35 page ADF or Automatic Document Feeder.

Combined, these features should help me on my road to going paperless.  (PS, it’s a long road, and scanning and categorizing things is time consuming.  So I’ll probably only do so for the most important things.)

It took a while to get the printer set up on the network and it took a while to get the scanning software set the way I wanted on one pc and document all that with screenshots in case I want to replicate it later.

I designated a certain directory where my scans go.  Under that, I have sub categories of receipts, computer instructions, and uncategorized scans.  Note that I’m just getting started with this and many more categories are possible.  Under receipts, I have sub folders of electronics, meds / nutrition, automotive, medical, and household.  Under computer instructions, I have sub folders like Audacity, PaperPort, and Windows.

Although I’m not using the default folders that PaperPort set up, they included categories for Articles, Bank Statements, Business Cards, Faxes, Investments, Photographs, Presentations, Real Estate, Samples (including some sample documents and PaperPort usage documents), Taxes, and Web Pages.  I will add folders such as these to my folder structure as necessary.

Scanner Software

The scanner software contains 5 important attributes which are quite useful:

  • OCR – Optical Character Recognition – This is a fancy way of saying that the software can read English characters in common fonts right from the scan and save the text AS TEXT, not just a bunch of dots in an image.
  • Searchable PDF – This is a very handy type of PDF file.  It not only includes an image of the page which was scanned, a giant collection of dots; but also includes the text which came from the OCR subsystem.  So, for example, if you had a print out of this blog post, and you scanned it into a searchable PDF with OCR, you would not only see an exact image of the page, but you would also be able to select text from the page and copy it or search it from other programs.
  • Print to PDF – This allows you to print almost anything that’s printable from your computer, but the printout is directed straight to a PDF file, and, if you wish, a searchable PDF file.  The utility of this is not immediately obvious, but it is very handy as I’ll describe below.
  • Stack and Unstack – This allows you to take several 1 page PDF files and turn them into 1 multi-page file.  It also allows you to break a multi-page file into several 1 page files.
  • Minimal PDF editing, including orientation and annotation

Note, this software is not exclusively focused on PDF’s, but that’s the main part of it that I’m using.

How Many Dots Per Inch Can Your Eyes See

One of the first questions you will confront when setting the scanner settings is how many dots per inch to use.  I would encourage you to plod through your scanner settings and don’t just leave them at the default level, which may not meet your needs.

More dots per inch = better quality image = bigger file size.
Fewer dots per inch = poorer quality image = smaller file size.

I should note here, that, if you scan at a poor quality setting, and throw away or lose the paper, you can never replace the dots you missed.  So, I like to scan at a high quality setting.

A related question is how many dots can your eyes see?  What is good quality and what is poor quality?  I found this article to help answer this:

The Resolution of the Human Eye

I didn’t take the time to understand everything in the article, but what I get out of it is this.  At 4″ distance from the eye, a HEALTHY (and probably young) human eye can discern 2190 dots per inch (DPI).  It also says that the legal norm for 20 / 20 vision at 4″ is 876 DPI.

If you’re further away than 4″, you can discern fewer dots.  I didn’t take the time to follow all the math, but, it says magazines are typically printed at 300 DPI and fine art prints are typically printed at 720 DPI.

I’ve chosen to set my scanner to 600 DPI unless I’m trying to go for a reduction in file size.  This will provide a very good quality image if I’m looking at it on a screen or if I ever have to print it again.  Note also that pages with small text may not OCR properly at resolutions less than about 400 DPI according to my scanner software documentation.

Beware the File Size

Even though disk drives are cheap and most people have extra disk space on their hard drive, the file size of scans can be your nemesis, particularly if you save lots of pages.  Here are some example sizes for a single page letter size scan.  Note that output sizes will vary substantially depending on content.  They will also vary substantially depending on the specific scanner and software and the specific output file type and whether the file type uses compression.

These samples were taken from a scan of page 1 of this web page which has a fair amount of both text and graphics:

Wikipedia Page for Amoeba

  • Black and White, PDF, 600 DPI, 300 KB per page
  • Gray Scale, PDF, 600 DPI, 5 MB per page
  • Low Color, PDF, 256 color, 300 DPI, 4 MB per page
  • Full Color, PDF, 24 bit color, 600 DPI, 15 MB per page
  • Full Color, JPG, 24 bit color, 600 DPI, 10 MB per page

Scanner Settings

For most of my scanning, I use black and white at 600 DPI to minimize disk space usage.  If I have a particular need for gray scale or color, I switch to that on a case by case basis.

Here are some settings I always like to use:

  • OCR – English – As described above, extracts the text from the scan.
  • Searchable PDF Output – As described above, provides a PDF with both the image and the text of the scan.
  • Auto Straighten – Automatically corrects the vertical alignment of the scan.
  • Auto Orient – Automatically orients the page right side up for reading text.  This occasionally fails and I have to load the PDF in their viewer and reorient it.

Here are the scan settings I have created for different documents, based on the pre existing document types in the software:

  • Black and White Document, OCR on, scanner set to text, black and white, 600 DPI, searchable PDF output
  • Gray Scale Document, OCR on, scanner set to text, true gray scale, 600 DPI, searchable PDF output
  • Low Color Document, OCR on, scanner set to text, 256 color, 300 DPI, searchable PDF output
  • Color Document, OCR on, scanner set to text, 24 bit true color, 600 DPI, searchable PDF output
  • Color Photograph, OCR off, scanner set to photo, 24 bit true color, 600 DPI, JPG output

For each document, I have the system set to auto generate a file name in the format of 2015-01-09-BW-OCR-9999, where the date automatically updates, the middle changes depending on the type of scan I’m doing, and the number at the end counts upwards for each scan I do during the day.  In the case of this particular software, it only counts numbers upwards for each file that’s already in a folder.  Thus, if I scan 5 things, 0001-0005, then move them from the folder and scan again, it will count 0001-0005 again.  If I then move them to the same destination folder, I would have to rename them, but the software allows me to do that.  I would rather it number the subsequent scans 0006-0010, but it doesn’t.
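The renumbering described above can be done at filing time instead of by hand, which also guards against a second batch silently overwriting the first. The Python below is an added example, not part of the original article or of PaperPort; the function names, the folder names and the sample files are assumptions constructed for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Auto-generated scan names look like 2015-01-09-BW-OCR-0003.pdf:
# date, scan-type label, four-digit counter, extension.
SCAN_NAME = re.compile(r"^(\d{4}-\d{2}-\d{2})-(.+)-(\d{4})(\.\w+)$")


def next_free_number(dest: Path, prefix: str) -> int:
    """Return one more than the highest counter used in dest for this prefix."""
    highest = 0
    for existing in dest.iterdir():
        m = SCAN_NAME.match(existing.name)
        if m and f"{m.group(1)}-{m.group(2)}" == prefix:
            highest = max(highest, int(m.group(3)))
    return highest + 1


def file_scans(src: Path, dest: Path) -> list:
    """Move auto-named scans from src into dest, continuing dest's numbering."""
    dest.mkdir(parents=True, exist_ok=True)
    moved = []
    for scan in sorted(src.iterdir()):
        m = SCAN_NAME.match(scan.name)
        if not (m and scan.is_file()):
            continue  # leave anything that is not an auto-named scan alone
        prefix = f"{m.group(1)}-{m.group(2)}"
        number = next_free_number(dest, prefix)
        if number > 9999:
            raise ValueError(f"no four-digit numbers left for {prefix}")
        target = dest / f"{prefix}-{number:04d}{m.group(4)}"
        shutil.move(str(scan), str(target))
        moved.append(target.name)
    return moved


def demo() -> tuple:
    """Constructed sample: two scanning sessions that both produced 0001-0003."""
    with tempfile.TemporaryDirectory() as tmp:
        inbox, receipts = Path(tmp, "Uncategorized Scans"), Path(tmp, "Receipts")
        inbox.mkdir()
        results = []
        for session in ("first", "second"):
            for n in (1, 2, 3):
                name = f"2015-01-09-BW-OCR-{n:04d}.pdf"
                (inbox / name).write_text(f"{session} session, page {n}")
            results.append(file_scans(inbox, receipts))
        kept = {p.name: p.read_text() for p in receipts.iterdir()}
        return results, kept


if __name__ == "__main__":
    for batch in demo()[0]:
        print(batch)
```

The second batch lands as 0004-0006 next to the first, and files whose names do not match the auto-generated pattern are left where they are.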

Work Flow for Handling Various Paper Items


Receipts are one thing which are an obvious candidate for scanning.  Unfortunately, they are one of the hardest things to deal with.  They’re usually printed on flimsy thermal oddball size paper which fades over time.  This makes them hard to file, hard to keep, and hard to scan.

I keep all my receipts for some period of time.  For non critical receipts like food and miscellaneous purchases, I just throw them in a box in case the bank makes any errors with the transaction.  After a year, I throw them out and start the box over.  I do not try to scan these.  Note, that, while uncommon, some receipts have your credit card number on them.  These should be shredded.

I do intend to scan most or all of my important receipts.  This would include things like the categories I mentioned above and include anything that has a warranty associated with it, or anything which I might need to return more than a week later.

When I first get important receipts, if I’m not scanning them immediately, I put them in an Unscanned Receipts physical file.  After I scan them, I put them in a Scanned Receipts physical file, but don’t attempt to further sort the paper versions.

For these receipts, I first physically group them by the receipt categories I mentioned earlier and then subgroup them by increasing date of transaction.  I go through and write the category and the transaction date on each, since I may be scanning them on a different date from when the transactions occurred.  I then put them one by one on the glass plate of the copier and make a copy.  I don’t try to feed them through the document feeder, as that would probably turn out badly.

Copying the receipts does two useful things.  First, since the printer is a laser printer, it turns the receipt from a fadable thermal item into a relatively permanent item.  Second, it turns a flimsy oddball size piece of paper into a standard letter size piece of paper.  These pieces of paper WILL be able to go through the document feeder.

I start the PaperPort software and go to my Uncategorized Receipts folder, unless I know all the receipts are going to the same folder, then I go to that one.  I put the stack of copies in the document feeder, (usually) set the scanner for black and white OCR, and scan the whole stack.  I have the software set to make a separate searchable PDF file for each page.  So, I get a number of PDF files showing up in the PaperPort software.

At this point, I can double click on each PDF, see what the receipt is for, and then drag the file to the appropriate folder for that receipt.  I can also optionally rename the PDF file so the name shows what the receipt is for.  In some cases, particularly for more expensive electronics, I put the PDF in a sub folder to show how long the warranty is.

As I mentioned earlier, this is time consuming, and I only do this for important receipts.  However, once this is done, I have a much greater chance of finding the receipts again if I need them.  Note that the copier, not just the scanner, was an integral part of this workflow.

After I’m done scanning the copies of the receipts, I put the copies in an Important Receipts Copies physical file.

Print to PDF

The utility of this feature of the software is not immediately obvious.  If you have something already on your pc screen, why would you want to print it to a PDF and not just print paper or save it as some other format?  Well, I’m trying to avoid paper.  And, I’ve noticed many of the papers I have around the house came from the printer.  So, they were once on the computer.

Obviously, if you have something like a word document, that is easy enough to save as a file.  And, the document management software can manage those.  But, for some other types of things I routinely used to print, it’s not so easy.

One example is web pages.  Yes, you can just save a bookmark.  But, the page may go away or change later.  Yes, you can do a file save as on the web page.  But, this normally generates an html file plus a folder containing all the little images and such associated with the page.  After doing a number of them, this gets messy.

Printing to PDF is an attractive alternative.  You get a PDF that looks exactly like the printout would if you printed to paper.  You can then view this, email it, or even print it if you had to.  I used this technique recently to save a digital “print” of a web page about adding partitions to a hard disk.  I stuck that in my computer instructions folder for future reference.

Another thing that I routinely used to print was screenshots of various menu screens in various programs that I have to configure such as Firefox.  Now while I may still print the images and put them in a binder, I am now going to start printing to PDF and saving the digital files also.

Scan and Toss

Scan and toss is a term I use to refer to papers that are important enough that I don’t want to throw away the information, but not important enough that I want to keep the paper.

This may include SOME things I get in the mail, maybe info about a subject I’m interested in but have no time or money to pursue.  It may also include SOME printouts I’ve made in the past and put in piles related to some topic I was researching.  Or perhaps it’s printouts of screenshots I’ve saved for some reason.

In any case, I simply set the software to scan to my Uncategorized Scans folder, scan the page, then toss the paper in my recycle bin.  If the information is confidential, I shred it.  Within a week, the paper is gone, but its essence remains.  If I choose to, I can rename the file with a more relevant name and put it into some relevant category.

Scan and Keep

These are papers I would want to keep after scanning.  Bills and Medical records might fall into this category.  Now, I might not scan these at all, but, if I did, I would still keep and file the paper.  After scanning these, I would take the time to rename the digital file with a relevant name and move it to a relevant category folder on the pc.  I would then file the paper somehow.

Hand Written Notes

This might include notes from club meetings or notes I’ve written about some topic I’m researching.  Now, while the OCR probably won’t work, especially with MY handwriting, it’s still valuable to have the notes stored on the pc so I can get to them.  These could be handled as scan and toss or scan and keep documents.

Old Papers

One of the motives for going through these exercises at all is I have a LARGE quantity of old papers around the house that I’ve accumulated over the years.  Some are from outside sources, such as the mailbox, newspapers, flyers, etc.  Many are from my own printer.  So, what I intend to do is to periodically go through a stack of them and determine if they fall into a just toss it category, a scan and toss category, or a scan and keep category.  I’ll try to minimize the latter, since, if I had a good place to file them, they wouldn’t be in piles in the first place.

Once I have several that need scanning, I’ll divide them into 35 page stacks, which is the capacity of the ADF, and scan them en masse.  After that, I’ll toss the tossable ones and file the keepable ones … somewhere … somehow.  For papers I need to scan which won’t go through the ADF, I’ll copy them first and then scan them or I will scan them directly from the glass plate of the copier.

Using these techniques, I hope to at least start making a dent in my numerous piles of papers and hope to avoid printing others when I can.  That said, I still don’t like reading long documents on a screen.

Hopefully, these techniques will help you start going paperless too.