|
Ola posted:No idea about CANBUS security though, wouldn't surprise me if the planets could align and adjusting the volume sent you into a ditch. It seems insane that they aren't using a data diode to link the main CAN bus to the entertainment system, so that the information could physically never travel the wrong way and interfere with the car.
|
# ? May 7, 2019 10:27 |
|
|
# ? May 17, 2024 16:22 |
|
Absurd Alhazred posted:Mostly it beeps at you for things like "you are at 11 above the speed limit instead of 10" but only for the first few seconds, so that it actively discourages you from maintaining around that speed; either remain above or below, absolutely counter-productive, and "there is a car in front of you that has braked", which is great, except that I am looking forward so I saw that car and was reacting to it by slowing down, so I assumed something else had gone wrong, so I came to an abrupt halt. Or "there is a car in your blind spot", which admittedly could be useful. my favorite is cars that beep at maximum volume, with no visual indication, about 100 yards before each speed camera in their database they typically have no documented way to disable this behavior, because why would you ever not want to know about speed cameras, even when driving well below the speed limit, once you eventually figure out that that’s what the beep means? note: some roads here have a lot of speed cameras
|
# ? May 7, 2019 12:05 |
|
I did love when MobilEye's speed limit indicator and the internal Mazda ones disagreed.
|
# ? May 7, 2019 14:22 |
|
That Dang Lizard posted:It seems insane that they aren't using a data diode to link the main CAN bus to the entertainment system, so that the information could physically never travel the wrong way and interfere with the car. Those cost money. Why spend the money? e: real talk here: Car companies are NOTORIOUSLY frugal, more so than most other industries. If they could save 1 cent more to make the car, they'd gladly do it. The fact of the matter is they have determined the chances of someone taking over your car via the infotainment system is low enough that they don't need to spend the extra money to prevent it. Or, "We're going to omit this pretty cheap part in the gas tank because we calculated the odds it coming into play and the potential costs to fix those incidents to be less than installing that part in all the cars that could use it." That said, if enough outrage happens over it, well... you have the Pinto. iospace fucked around with this message at 15:05 on May 7, 2019 |
# ? May 7, 2019 14:59 |
|
y'all have never actually worked with CAN, have you? It's being talked about like it's just another straightforward I2C/SPI and it is, uh, not. I would simply add a diode to my CAN interface lmao
|
# ? May 7, 2019 15:20 |
|
JawnV6 posted:y'all have never actually worked with CAN, have you? It's being talked about like it's just another straightforward I2C/SPI and it is, uh, not. There's a significant difference between a traditional diode and a data diode.
|
# ? May 7, 2019 15:38 |
|
iospace posted:There's a significant difference between a traditional diode and a data diode. Efficacy
|
# ? May 7, 2019 15:44 |
|
iospace posted:There's a significant difference between a traditional diode and a data diode. JawnV6 posted:y'all have never actually worked with CAN, have you?
|
# ? May 7, 2019 15:53 |
|
Absurd Alhazred posted:I did love when MobilEye's speed limit indicator and the internal Mazda ones disagreed. That'd be pretty easy if one is using wheel RPM and the other is using GPS or radar because the latter two would be a lot more accurate under most conditions.
|
# ? May 7, 2019 16:07 |
|
JawnV6 posted:hey here's the relevant question i think u missed it: Then explain instead of being all
|
# ? May 7, 2019 17:18 |
|
Munkeymon posted:That'd be pretty easy if one is using wheel RPM and the other is using GPS or radar because the latter two would be a lot more accurate under most conditions. Speed limit, not current speed. The speed indication seemed more or less consistent, but I think MobilEye uses computer vision while the Mazda system uses some kind of frequently updated database (or they use different databases), so they will sometimes disagree.
|
# ? May 8, 2019 01:17 |
|
JawnV6 posted:y'all have never actually worked with CAN, have you? It's being talked about like it's just another straightforward I2C/SPI and it is, uh, not. The entertainment system needs predefined information. The inner workings of the CAN bus don't matter at all when it comes to spitting that information onto a circuit trace, with either zero feedback or an enable pin.
|
# ? May 8, 2019 02:00 |
|
iospace posted:Then explain instead of being all no don't
|
# ? May 8, 2019 03:41 |
|
/CAN The thing car manufacturer's are trying to avoid is having to physically segregate the bus so they only have to route one cable. Unidirectional network things only even make sense when there are two buses and you are limiting what can be copied from one to another. The situation you want to avoid is a subverted entertainment unit being able to say "Engine RPM: 100000!" and everyone else listening. You could do that with two buses linked by a widget that knows what IDs belong on each side, but you'd have to run two physical cables ($) and that widget would probably have to be semi-custom (it can't just do an echoing thing because of the electrical arbitration)
|
# ? May 8, 2019 05:25 |
|
Yeah, the real problem is basically that having to run two cables for the two busses is expensive and lol at corps spending a cent more than they have to for things they can't market with.
|
# ? May 8, 2019 08:18 |
|
iospace posted:Then explain instead of being all Dylan16807 posted:The inner workings of the CAN bus don't matter at all when it comes to spitting that information onto a circuit trace, with either zero feedback or an enable pin. Xarn posted:Yeah, the real problem is basically that having to run two cables for the two busses is expensive and lol at corps spending a cent more than they have to for things they can't market with.
|
# ? May 8, 2019 18:14 |
|
JawnV6 posted:why would i, cursed with knowledge, bother to help when you've got such luminaries in the thread unfettered by such vagaries Are you from the EVE thread or something
|
# ? May 8, 2019 20:00 |
|
he's from my rear end
|
# ? May 9, 2019 03:30 |
NtotheTC posted:Are you from the EVE thread or something worse: the coding horrors thread
|
|
# ? May 9, 2019 04:32 |
|
senior dev coworker found it necessary to write his own ugly bespoke String.Contains() in C# for some reason, in the middle of an API controllercode:
|
# ? May 9, 2019 22:04 |
|
Code golf is almost always bullshit, but god drat.
|
# ? May 9, 2019 22:42 |
|
Dross posted:senior dev coworker found it necessary to write his own ugly bespoke String.Contains() in C# for some reason, in the middle of an API controller But...
|
# ? May 9, 2019 22:59 |
|
Dross posted:senior dev coworker found it necessary to write his own ugly bespoke String.Contains() in C# for some reason, in the middle of an API controller I wondered whether it was a (bad) attempt to make sure the check was culture-insensitive, but checking the docs, string.Contains() already is culture-insensitive.
|
# ? May 9, 2019 23:24 |
|
Hammerite posted:I wondered whether it was a (bad) attempt to make sure the check was culture-insensitive, but checking the docs, string.Contains() already is culture-insensitive. Even if that were the case, the right thing to do would be to make an extension method called .ContainsInvariant() and put it in the Utils module, not a random undiscoverable text function in a loving controller.
|
# ? May 10, 2019 00:11 |
|
Today I learned that the IBM C++ linker only allocates 64k for its TOC unless you specify -bbigtoc on the command line. That's not a thing I should have to think about.
|
# ? May 10, 2019 00:12 |
|
Dross posted:senior dev coworker found it necessary to write his own ugly bespoke String.Contains() in C# for some reason, in the middle of an API controller
|
# ? May 10, 2019 01:00 |
|
JawnV6 posted:
It's not about adding a data diode into the actual CAN wires. It's about putting it anywhere at all. Nobody is claiming anything about CAN except that the problems are already solved. The system already gets the data. Leave that circuit alone, tell it to display the data like it already does, and change what comes after it.
|
# ? May 10, 2019 01:13 |
|
Dylan16807 posted:It's not about adding a data diode into the actual CAN wires. It's about putting it anywhere at all. do you let yokels from unaffiliated disciplines give you notes on the digital systems you design? why or why not?
|
# ? May 10, 2019 18:27 |
|
JawnV6 posted:i'm pretty sure i know the question we're discussing and the paucity of experience you're bringing to bear. you've never professionally consumed a schematic, never specced a component much less a MCU, never done a design review on a board, yet you're confidently opining about system design questions for consumer electronics. "put it somewhere, idk the specifics" isn't the genius galaxy brain masterstroke you're expecting. do the CAN systems you've worked with NACK for any reason other than a CRC mismatch? can that information be shuffled back and forth across the data diode you've selected for this application? what would the failure mode be if the CAN node didn't respect this area of the protocol? We get it dude, you've worked on it. Now are you capable of responding without being a jackass? Looks like that answer is no.
|
# ? May 10, 2019 19:21 |
|
JawnV6 posted:i'm pretty sure i know the question we're discussing and the paucity of experience you're bringing to bear. you've never professionally consumed a schematic, never specced a component much less a MCU, never done a design review on a board, yet you're confidently opining about system design questions for consumer electronics. "put it somewhere, idk the specifics" isn't the genius galaxy brain masterstroke you're expecting. do the CAN systems you've worked with NACK for any reason other than a CRC mismatch? can that information be shuffled back and forth across the data diode you've selected for this application? what would the failure mode be if the CAN node didn't respect this area of the protocol? I don't know how I can be clearer than "You don't change the CAN communication. It already works."
|
# ? May 10, 2019 21:49 |
|
well clearly it doesn't already work (or at least not well) if the insecure car radio has to have permission to touch the steering system
|
# ? May 10, 2019 21:56 |
|
zergstain posted:You’re saying it’s physically possible for the entertainment system to override the throttle? I just watched a couple of YouTube videos on CAN. Wouldn’t the entertainment system being a low priority solve that problem? Yes fishmech posted:It could be possible, although likely that car is not set up in such a way that you can successfully exploit the entertainment system for spurious brake/steering controls. Oh sweet summer child... In theory CAN is supposed to be segmented despite using a single actual bus but in reality all the firmware is so full of holes it's insane. Think original WindowsXP connected directly to the internet, only worse. Oh and it's all unauthenticated. Not like "let me spoof the ignition after I get RE on the infotainment bluetooth module which has DMA access to all of ram, allowing me to immediately upgrade to full ownage, then I can pretend to be a different device on the CAN bus"... but like -any- device on the bus can ask the ECU to kill the engine and it will.
|
# ? May 11, 2019 05:45 |
|
i wonder what fun things you can do with the battery on an electric car via firmware. can you blow it up? there's actually a full size electric car battery in one of the labs where i work, i should ask the guys who work on it the kind of poo poo you can pull. fun osha thing: the giant battery sits on a pyre of cardboard boxes with two tiny fire extinguishers beside it as a safety gesture. it's fully charged and if it actually failed in any way it would literally destroy the entire building
|
# ? May 11, 2019 19:25 |
|
Foxfire_ posted:/CAN That's illegal now, too
|
# ? May 11, 2019 19:41 |
|
I suppose that means the answer to my second question is 'no'.
|
# ? May 11, 2019 21:14 |
|
rt4 posted:That's illegal now, too This is cool, I’ve done entertainment stuff forever and have no exposure to this. What’s illegal, segmenting or not-segmenting?
|
# ? May 11, 2019 21:29 |
|
Remulak posted:This is cool, I’ve done entertainment stuff forever and have no exposure to this. What’s illegal, segmenting or not-segmenting? it's a Rosa Parks joke
|
# ? May 11, 2019 21:52 |
|
This is more a toolchain horror than a coding horror per se, but: ARM cross-compiling on SUSE (and, apparently, Ubuntu). Apparently whoever built the packages for these systems hosed up, and as a result it sometimes picks the wrong version of libc to link against. So you can, for example, build a Cortex-M0 binary (a chip that uses a subset of the THUMB 1/2 ISAs) and the linker will cheerfully link it against the ARM version of the stdlib, producing a binary that the chip is incapable of executing. Enabling the "warn on mismatched libraries" linker option doesn't detect this, either. The solution is just to use the prebuilt cross-compiler from developers.arm.com, but seriously, what the gently caress.
|
# ? May 12, 2019 03:26 |
|
A perennial favorite of mine - pure, undistilled fuckery. This if continues into a business logic pyramid of doom...code:
Every customer has their own opinion. This gem was written a decade ago, and both the product owner and developer have long since moved on
|
# ? May 13, 2019 03:09 |
|
|
# ? May 17, 2024 16:22 |
|
ToxicFrog posted:So you can, for example, build a Cortex-M0 binary (a chip that uses a subset of the THUMB 1/2 ISAs) Teeechnically a superset of THUMB1 iirc I guess it's not bitching because if you're using something beefier than a Cortex-M then mixing Thumb and ARM classic code in the same binary is normal and expected, it's not the same as if you were trying to link against an x86 libc or w/e
|
# ? May 13, 2019 12:26 |