Monday, December 25, 2023

Predatory Sparrows in Iran


In the United States, fears of widespread hacking causing major national disruptions have so far been mostly unfounded.  There have been isolated foreign-based attacks on infrastructure here and there, but no one has so far been able to disrupt an important nationwide system deliberately for political reasons. 


Iran hasn't been so fortunate.  A hacker group calling itself Gonjeshke Darande, which translates as "Predatory Sparrow," claims responsibility for knocking out about 70% of Iran's gas stations in the last few days, according to an Associated Press report.  A related CNBC piece connects the Predatory Sparrows with Israel, although the connection is unconfirmed by the group. 


This isn't the first time the Sparrows have mounted cyberattacks in Iran.  The CNBC report recounts a fire in an Iranian steel plant in June of 2022 which the group claimed to have started.  The hackers say that they try to avoid inconveniencing civilians, but having 70% of a country's gas stations shut down is more than an inconvenience.  Iran reportedly disconnected most of its government infrastructure from the Internet after the Stuxnet virus damaged uranium-enrichment centrifuges in the late 2000s, but the hackers have evidently found a way around that obstacle.


Iran has been sanctioned for its support of terrorism in other countries, and these sanctions prevent hardware and software updates from being installed that might otherwise help the country defend itself against attacks such as these.  Reportedly, software pirating is widespread, but pirated software typically loses manufacturer support for security updates, with the result that such systems are comparatively easy to invade for nefarious purposes.


Iran is widely believed to be the power behind Hamas, the group which mounted the October 7 attacks in southern Israel.  Engineering ethics always has to operate before a background of cultural and historical events.  An action which can be construed as ethical in wartime, at least by some people, would be considered highly unethical in peacetime circumstances. 


As large-scale hacks go, the Predatory Sparrows' shutdown of most gas stations, which isn't the first time they've done something like this, is not life-threatening, at least to most people.  In tweets, the group claimed to have warned emergency services in advance, and so they at least appear to be trying to avoid serious harm to civilians.  Their idea seems to be that if the people of Iran get fed up enough with issues like not being able to buy gas for a time, they will rise up and throw off the chains of the present regime.  And that might happen, but the ayatollahs in charge have endured much worse challenges up to now, and unless their grip on power gets a lot shakier, they will probably shrug off this cyberattack as easily as they did the others.


Cyberattacks are still new enough to count as a novel addition to the warmonger's bag of tricks.  As with other forms of warfare, its success depends on how well-defended the enemy is.  For whatever reason, the United States seems to be doing a better job at defending itself against hacks than Iran has.  I suspect a large factor in this difference has to do with the wide range of systems employed in the U. S. compared to more top-down-governed places like Iran.


I have no way of knowing for sure, but it wouldn't surprise me if nearly all the gas stations in Iran use the same kind of hardware and software.  That uniformity makes a system much easier to hack compared to an infrastructure built out of several different brands and designs of technology.  This is why theories of how a national election was allegedly hacked in many U. S. states hold so little water.  A hacker would have to master and invade dozens or hundreds of different systems and would have to gain access to literally thousands of machines through individual county election offices in order to swing millions of votes. 


While the rule can be extrapolated beyond its range of usefulness, it is true that in technological systems, diversity lends a kind of strength.  If one brand of system falls to a hacker, the others may not.  Iran would probably like to have a robust market for software, but sanctions and the general economic climate have militated against that.  So in addition to having to limp along with outdated machinery, they suffer from Predatory Sparrows who take advantage of the vulnerabilities of outdated and pirated software.


What can the U. S. learn from this situation?  At least two things.


First, money spent on cybersecurity is generally worth it.  Regular updates and security patches are simply good practice, and most responsible organizations follow these guidelines. 


Second, in technological diversity there is strength.  Highly centralized national mandates dictating the details of any kind of cyber-infrastructure are liable to produce security vulnerabilities.  The software industry is still one of the most lightly-regulated ones in our economy, and the resulting variety and dynamism is a security advantage as well as providing customers with the latest and greatest, other things being equal.  Any attempt by government to do heavy-handed regulation is likely to lead to a uniformity that would not be in the best interests of customers, and it might make life easier for predatory sparrows and their like.


It's too bad that Iranians are having to wait in long lines at the 30% of gas stations that still operate (a fraction apparently chosen deliberately by the hackers), but when your government fights a proxy war, you can expect the enemy to get back at it by both fair means and foul.  With cyberattacks, the line between fair and foul is especially fuzzy, and Iranians should be glad that the hackers are as relatively polite as they are.  Still, it's a pain, and we can long for a day when neither Iran nor Hamas nor Israel has to resort to hacking, because peace has at long last come to earth. 


And that's what Christmas is all about.  But that's a story for another time.


Sources:  The AP report "A suspected cyberattack paralyzes the majority of gas stations across Iran" appeared prior to Dec. 18, 2023 on the AP website at  I also referred to a CNBC report at

Monday, December 18, 2023

Are We Ready for Mandatory Alcohol Detectors in Cars?


Drunk driving has been a problem ever since automobiles were invented.  The alertness needed to control a motor vehicle is incompatible with drinking more than a certain amount, and as a consequence of ignoring this fact, 13,400 people in the U. S. died in alcohol-related crashes, according to a recent AP news report.  That may be about to change, because in response to a law passed by Congress in 2021, the National Highway Traffic Safety Administration (NHTSA) announced on Dec. 12 that it is going to require all new passenger vehicles to have a device that will prevent drunk driving.


The NHTSA rule will not go into effect for a year or two, at least, because the agency's notice of proposed rule making first allows manufacturers to provide information about the state of the technology so as to have an orderly rollout and reasonable requirements once the rule is finalized.  But unless Congress changes its mind, sooner or later all new cars will have this feature—or bug, depending on your point of view.


So-called "ignition lockout" devices are not new.  A cursory search of the Internet turns up dozens of papers and project descriptions to implement versions of this technology.  It appears that some jurisdictions already require certain people convicted of drunk driving to install a lockout device on their car before they are permitted to drive again.  Some of these gizmos are pretty inconvenient—imagine having to blow into a tube every time you start your car.  But it's better than not being able to drive at all.


The AP article says that the new required device won't have a tube for drivers to blow into, and the average driver may not even be aware of its presence.  The optimum technology hasn't been decided on yet, but leading candidates include a sensor that would check the driver's breath from a distance (maybe mounted in the steering wheel?), or an optical spectrometer that would derive blood alcohol content from reflectance measurements on a finger. 


From a technical point of view, one can ask what the acceptable rate of false positives and false negatives are going to be.  For sober drivers and those who haven't consumed their legal limit, false positives will mean that your car won't start until the device decides that you're really sober.  Users of alcohol-based mouthwashes and breath-freshener sprays will have to avoid using them just before getting in the car in the morning.  This in itself is not a major problem, but other factors could cause false positives as well.  For the finger-spectrometer device, what if you happen to wear gloves?  Too bad, you'll have to take them off to drive. 


And then there's the question of setting a threshold.  As the instrument itself can be backed up by sophisticated statistical software, it may take other factors into account:  the weight of the driver (easily obtained from a strain gauge in the seat), the driver's motions as monitored by pedal and steering wheel activity, and history of alcohol use as detected by the system in the past.  But no system is going to be perfect.  We can expect some unanticipated problems when the systems are first deployed widely among drivers who don't drink, because there's nothing like the real world to come up with situations that even the most imaginative engineer can't predict.


Even worse will be the false negatives:  cases in which the driver is really drunk but the system doesn't detect it.  Habitual drunk drivers will have a strong motivation to defeat the system, and designers will have to take measures to ensure this doesn't happen.  "See that little hole in the steering wheel?  Plug it up with chewing gum and you can drive no matter how many you've had." Tricks like that will have to be prevented somehow.


Reducing the thousands of deaths annually due to drunk driving is worth something, certainly.  And adding one more required system to automobiles is not going to be noticed along with the many hardware and software enhancements—assisted driving chief among them—which are already being implemented voluntarily by carmakers. 


But an alcohol-detection system is different in kind from other systems, in that it monitors the driver's condition independent of how well he or she drives.  You can make the case that automatic braking systems step in and remove control from the driver when the system decides it's necessary, but that is determined by immediate road circumstances to avoid an imminent crash.  An alcohol-detection system uses a chemical sensor to conclude that the "meat system" called the driver is unsuitable for use, and simply shuts down the car until the driver sobers up. 


This may be the first step toward driver evaluation that is already implemented in some ways elsewhere.  "Dead man" lockout systems in certain types of industrial equipment require that a person always be touching the controls or holding a pedal down, and if the operator ceases to do so, the equipment automatically stops.  One can imagine alertness tests using subtle cues such as eye motion in response to instrument-panel changes, and if the car decides you're too sleepy to drive, it tells you to pull over or else.  Or else—what?  Stopping in the middle of traffic wouldn't be a good idea, but unless the car is semi-autonomous already, it's hard to think of what to do with a sleepy driver other than to tell him or her to get off the road, and hope that the driver obeys. 


Like it or not, all new cars will eventually have the alcohol-detection feature, which is already being required next year in some European Union countries.  And we will have to deal with the consequences, whatever they may be.  Reducing the number of drunk-driving crashes is a highly worthwhile goal, and if it means a few non-drinkers will be inconvenienced by false positives now and then, it's probably worth it. 


Sources:  The AP article "US agency takes first step toward requiring new vehicles to prevent drunk or impaired driving" was published at  I also referred to a website of the Chinese firm Winsen (which makes alcohol-vapor detectors) at 

Monday, December 11, 2023

Water Beads: A Small But Significant Ethics Issue


Water beads, which are spheres of a highly absorbent polymer compound that absorbs water to produce glassy-clear globules that are nearly all water, turn out to be the focus of an ethical issue as complex as many that involve more influential technologies.  I managed to survive until an advanced age in complete ignorance of the existence of water beads.  But now that I've found out about them, they turn out to be more controversial than you'd think.


It all began last Friday at a Christmas dinner and concert at a church some friends of ours attend.  The table decorations were clear plastic candle stands with a thin stem supporting a clear cup that had what looked like water in it.  Floating on the water was a disc-shaped candle, but what caught my interest was what I saw between the candle and the bottom of the cup.


Somehow, there were five or six small Christmas ornaments suspended at various heights in the cup, which was at least two or three inches (2.5-4 cm) high.  Some ornaments were at the bottom, some were suspended in the middle, and some were near the top.  This got my physics-oriented mind going:  what kept the ornaments from either all falling to the bottom or floating to the top?  Was it clear gelatin?  A touch of my fork to the top of the cup proved that no, there was plain water at the top.  (You see how I spend my time at parties.)  I leaned over to my friend at the next table, who is also technically inclined, and asked him how it worked.  He had no idea, but knew the lady who did the table decorations and said he'd ask her after the event was over.


When we caught up with her, she said, "You want to know my candle-holder secret?  Orbeez."


We didn't know what Orbeez were.


"Water beads.  See, here's a cup that got spilled."  On the table were dozens of what looked like clear marbles, maybe 5 mm (1/4 inch or so) in diameter.  Being almost all water, they are almost invisible when suspended in water.  If I looked through an intact cup with its ornaments, I could see sort of ripples in the clear fluid, like heat waves above a hot road in the summer, but nothing more than that.  The water beads in the water stay intact and support the Christmas decorations at various heights.  Mystery solved, but what the heck were Orbeez?


It's a trade name for water spheres made with a special polymer originally developed to make highly absorbent sanitary napkins in the 1970s.  When compressed dry into either spheres or various other shapes, the material expands when placed in water, but retains its relative shape.  Wikipedia's article on expandable water toys describes both the attraction they have for children and also the hazards they pose.


Especially if the objects are brightly colored or have interesting shapes resembling candy, it's easy to imagine a baby or young child eating them.  And this has happened—a lot.  The problem is that unless the object is already saturated with water, it will continue to absorb water and expand inside the digestive tract.  The U. S. Consumer Product Safety Commission (CPSC) has a grim webpage with an X-ray showing a child's colon filled with water beads that caused an intestinal blockage, which leads to severe illness or even death if untreated. 


According to an article on the website, 4,500 emergency-room visits in the U. S. were attributed to water beads from 2017 to 2022.  This is why last month, U. S. Representative Frank Pallone introduced legislation that would ban the sale of such beads altogether.


As with other engineering-ethics issues, the first step is to identify the parties involved.  The manufacture of the beads takes place offshore, mostly in China.  Retailers buy them either directly or from repackagers, and sell them to the public.  Both children and their parents buy the beads, and adults such as our table decorator as well as children use them.  Some types of beads have a maximum size of only a few millimeters, and are advertised as harmless except to very young children, whose small-bore internal plumbing could still be plugged by such objects.  Others can get as large as two inches (about 50 mm), and pose a clear hazard if ingested. 


What we have now is close to a libertarian approach to the problem.  Water beads as such are unregulated, but the CPSC has issued consumer recalls on specific brands of water beads that appear to be very likely to be misused.  For example, Target sold a product called "Chuckle and Roar Ultimate Water Bead Activity Kit."  The CPSC issued a recall notice for this product on Sept. 14 of this year.  It's not stated why this particular product was singled out, unless it was associated with an unusually high number of ER visits. 


Rep. Pallone's bill would take the government-knows-best approach and simply ban all such products, at least according to the brief report on it.  It's unclear whether responsible adult users such as florists and decorators would be allowed to buy them, perhaps after showing proof they are over 18, like ammunition is treated.  If enforcement is not any more rigorous than the regulations around buying ammunition, which I did online by simply checking a box saying that I was over 18, the new law might not be very effective.


Somehow, people with small children keep them alive in houses full of things that might hurt them:  drain cleaner, cleaning fluids, medicines, and so on.  While allowing a very young child who doesn't know the difference between food and plastic to play with water beads seems unwise, it's up to society at large to decide whether hundreds of ER trips every year for kids who eat water beads is worth the pleasure they derive from using them properly. 


To be frank, most of society is unaware that there is even an issue.  If Rep. Pallone's bill advances toward passage, you can count on the water-bead sellers to protest, and unless there is an organized group such as Parents Against Water Beads, the voices of the manufacturers and retailers may prevail.  In that case, we'll all just have to be more careful and try not to make this world any more hazardous than it is already for small children.  Even if water beads really are cool looking.


Sources:  The article describing Rep. Pallone's bill is at  The CPSC statement on the water-bead product recall is at

  I also referred to the Wikipedia article on "Expandable Water Toy." 

Monday, December 04, 2023

Consumer Reports Says Electric Cars Have More Problems


In a comprehensive survey covering vehicle model years 2021 through 2023, the publication Consumer Reports found that electric cars, SUVs, and pickups had among the worst reliability ratings compared to either all-internal-combustion-powered vehicles or IC-powered hybrids (not plug-in hybrids, which were also problem-prone). 


Results varied by brand.  Tesla, the largest seller of all-electric vehicles, rose in the reliability rankings from 19th out of 30 automakers in last year's survey to 14th out of 30 in the latest study.  This reflects an overall tendency that is probably the main cause of reliability problems with electric vehicles (EVs):  inexperience.


The first time you do anything, you're not likely to do it perfectly.  Young people sometimes don't understand this basic principle of life, and it leads to unfortunate consequences.  My mother once sent me to take tennis lessons when I was about ten.  When I discovered I couldn't serve like a pro right off the bat (or the racket), I promptly lost all interest and closed myself off to a lifetime of tennis enjoyment. 


The same thing that is true of individuals learning how to do new things is true of automakers learning how to make EVs.  An Associated Press article on the Consumer Reports survey quotes Jake Fisher, their senior director of auto testing, as saying the situation is mainly "growing pains."  No matter how detailed and accurate computer models and laboratory prototypes are, a manufacturer can't simulate the myriad of unlikely situations that will arise when a product is made in units of thousands and sent out to the great unwashed public, who will do a lot of crazy durn things that the maker could never think of. 


This sort of thing has been going on with internal-combustion (IC) cars since before 1900, and the automakers are supremely experienced with what can go wrong with that technology.  It may be surprising to learn, but the reliability requirements of military-grade technology are nowhere nearly as rigorous and demanding as the requirements for hardware used in the automotive industry.  Jet aircraft are inspected and serviced every few hundred hours.  But Grandma just drives her car until it breaks, and expects that to happen very rarely. 


Combine that consumer expectation with a radically new powertrain, control system, and body, which is what EVs represent, and you're going to have problems, even entirely new types of problems.  The issue of autonomous vehicles is formally independent of EVs, but as some of the most advanced autonomous-vehicle systems are found in EVs such as Teslas, the two often go together.  And autonomous driving is only one of the multitude of new features that EVs make either possible at all, or a lot easier to implement.


An EV is more of a hardware shell for a software platform than anything else, and reliability standards for software are a different kind of cat compared to automotive reliability expectations.  Software is at fault in many issues involving EVs, although it can increasingly cause problems with IC cars as well.    


The hope expressed by many EV makers is that consumers will recognize the higher problem rate as something temporary, and won't allow it to tarnish the overall reputation of the technology.  This depends on the age and psychology of the customer to a great and imponderable degree. 


Just last night, for instance, I was talking with a friend who bought his first Tesla about five months ago.  If he's had any problems with it, he didn't mention them.  I asked about charging times, and he said it was no problem.  He can charge his Tesla at his house overnight, and he knows where there are supercharging stations that will do it in only 30 minutes.


His attitude reminds me of a scene in the Woody Allen movie "Annie Hall."  In a split-screen scene, Alvy Singer's therapist asks him, "How often do you sleep together?"  Singer replies forlornly, "Hardly ever.  Maybe three times a week."  In the other half of the screen, his partner Annie Hall gets asked the same question by her therapist, and Annie says with annoyance, "Constantly.  I'd say three times a week."


My friend, a power engineer and Tesla enthusiast, sees charging an EV in thirty minutes as wonderful, hardly any time at all.  Someone like me, who is a dyed-in-the-wool IC traditionalist, can't help compare that half hour to the five minutes I usually spend at the gas pump, and the Tesla suffers by comparison.


The true-blue EV proponents will undoubtedly overlook or tolerate minor issues with their vehicles and rightly regard them as temporary stumbling blocks that will grow less frequent as the makers learn from their mistakes and improve reliability overall.  The big question is, are there enough such proponents to support the overwhelming market share growth that the automakers hope for, and that the federal government is standing by to enforce with a big stick if it doesn't happen?


The same AP article notes that the initially explosive growth of EV sales has slowed by about half in the last year.  It's a genuine open question as to where EV sales will stabilize, if they ever do, with regard to IC sales.  The problem that the automakers face is that as things currently stand, they must comply with the so-called CAFE standards for overall fleet fuel economy, or else pay heavy fees for non-compliance.  And the Biden administration has proposed steep increases in the fleet-mileage numbers that will require a large fraction of all cars on the roadways to be EVs in the coming years. 


One can question the propriety of government interference in the auto marketplace.  If left alone, the market will let all the EV enthusiasts satisfy their wants without driving up the overall price of cars or causing artificial scarcities of IC vehicles.  Both of these downsides are likely if the government forces Adam Smith's famed invisible hand to deal only the kinds of cars the government wants, without regard to consumer preferences or needs. 


Electric cars will become more reliable, but it's by no means clear if consumers will want enough of them to warrant the current pressures to overthrow the century-long reign of IC cars. 


Sources:  The AP article "Consumer Reports:  Electric vehicles less reliable, on average, than conventional cars and trucks" appeared on Nov. 29, 2023 at  I also referred to IMDB for the "Annie Hall" quote at, and for CAFE standards at