
On Teddy Bears in Cars, Font Obsessions and Home Password’s Pwnd Password Kerfuffle

This post was first sent to my newsletter on September 17th, 2021.
You really ought to subscribe :)

[Image: toy teddy bear in a toy car, via Michelle Scott on Pixabay]

Welcome folks, to the September work letter! :)
As usual, click the headers to wander off to the original articles.

A Bear? Where? Over There — Strapping a giant teddy bear to a car in the name of highway safety

You’re adapting my what?
When activated, adaptive cruise control uses forward-looking radar to maintain a specific distance to a vehicle in the lane ahead, slowing down or speeding up (to a maximum of whatever speed cruise control was set to) as necessary. Lane-keeping systems use forward-looking cameras to detect the lane markings on a road to keep the vehicle between them, and when both are active together, the vehicle will do a pretty good facsimile of driving itself, albeit with extremely limited situational awareness.

Which is where the human comes in. Under the SAE's definitions for automated driving, in Level 2 the car controls braking, acceleration, and deceleration, but the human is responsible for providing situational awareness at all times. Of course, this raises the question of whether the driver is actually paying attention.

[…] To test whether drivers were actually paying attention while using a Level 2 system, IIHS recruited participants and then had them drive for roughly an hour, either using the car's Level 2 system or not. At three predetermined locations on the test route, a second car—the one with the large pink bear attached to its trunk—would overtake the participant's vehicle. At the end of the study, the drivers were asked if they saw anything odd, and if so, how many times.

TT2020 is an advanced, open source, hyperrealistic, multilingual typewriter font for a new decade!

Crazy obsessions like this are why even I got into writing software.
From the problem page,

In the second image, there are three ‹N›’s. Yet, they all look exactly the same. A real typewriter can, quite rarely, have one of its letters damaged, or misaligned, such that that letter regularly makes an inferior strike to all the other letters. However, this degree of regularity is impossible; could Underwood or Remington have achieved it, they would have leapt for joy.
While working on the project, incredibly, another bad typewriter scene intruded upon my life. I don't often sit around and watch movies, so I suppose there are only two possibilities:

a. There are so many of these unrealistic typewritten documents in late-2010’s cinema that almost any movie with a typewritten document in it will be hopelessly unrealistic, or
b. The universe, nay, God himself, was urging me on to complete this project in lieu of others I could finish!

The Font is here.

Home Assistant decided to implement password security checks by integrating Pwned Password lookups at the Have I Been Pwned project and all hell broke loose. Here’s Troy Hunt’s measured look at the situation.

I’ve written before about how IRL analogies are terrible and this one is no exception. You will not die if you use a weak password. There aren’t government regulations defining how the software is built. You can be any age to operate it. Home Assistant is free. And so on and so forth.
Cars warn you about a number of unsafe decisions and so does Home Assistant, but that’s where the similarities end. Everything else can be adequately discussed by simply talking about the technology rather than trying to find things IRL to compare to.

If it’s in Pwned Passwords, I've seen it in plain text. If I’ve seen it in plain text, hackers have seen it in plain text. It doesn’t matter how many letters and numbers and symbols you’ve got in your password, if it’s in Pwned Passwords then it’s floating around the web where plenty of other people have access to it. The guidance from NIST I quoted earlier said not to use “passwords obtained from previous breach corpuses” - there is no caveat that says “unless you think it's a really good one”!

Pascal has already indicated this will be configurable and as I said earlier, I agree. With the benefit of hindsight, I suspect he’d do things differently in the first place, even though the intention was good.
I do agree with the comments that people should be free to be dicks and deal with the consequences. What I’d like to encourage people to do, however, is to take this as an opportunity to get a password manager and strengthen all passwords that require it.

Until the next letter folks!

P.S. Subscribe to my mailing list!
Forward these posts and letters to your friends and get them to subscribe!
P.P.S. Feed my insatiable reading habit.