This remind me of the Shell car wash back in the early 2000's, where an iButton fob was used as a prepaid token for a number of car washes. It was possible to do a 'backup' of a new fob, and 'restore' it again when it was empty.
I highly doubt that there are 'software' on the iButtons, they are basically just another 'small' storage media like a diskette, or a USB flashdrive. Are the $94 covering: 1) Are they paying a one time fee to unlock the encrypted communication feature. 2) A fee to get special trusted X509 time limited certificates to create trust between the radios. 3) A combination of 1 and 2. For certificates to be used within an organization having its own chain of trust, getting a certificate from a third-party is less secure than a selfsigned certificate.
His father turns on a laptop. "Now we will register our child,".
Pretty standard.. But why do the parents need to register.. In Denmark the mother is registered during prenatal care, and she also informs the social security number of the expected father. One of my colleagues girlfriend gave birth to there baby a Sunday night, and they were unmarried. The midwife registers the childbirth. One hour later the father got a message from the 'stats amt' where the had to sign for the paternity.
If FBI get their back door as they wish, then they would be able to unlock devices of tourists and business people visiting the USA. Since USA have not been elected to rule the world, then other governments should have the possibilities. This would enable china to spy on business phones entering China.
"I can imagine changes to the PHY to stop the "jabbering idiot" problem, but nothing that would prevent the other attacks." The Bus-off condition they are generating, IS the "jabbering idiot" protection.
I dont see any problem with this as long as the CAN bus is not accessible from the outside. I can also create an DoS attack on my PC if I short pins on the motherboard. You don't need an arduino to get CAN nodes to get into bus-off state, just short the two CAN bus signals together a couple of times. If you have physical access then you can also disable Airbags, and ABS brakes with a sidecutter.
Europeans generally have a higher trust in their own government, than a private cooperation. We especially do not trust large foreign corporations. I don't mind paying a little extra for my goods in the short run, if this can prevent large corporations gaining too much power in the long run. (Yes, this might hamper 'competition' for them) As long as it is a level playing field, European rules in Europe, and US rules in the US. How would the Americans react if most of their data was spied upon (E-Mail, credit card transactions, corporate trade secrets) by foreign private cooperationâ(TM)s and government agencies in e.g. China/Russia/Europe.
I'm fine with upper middle class professionals trading some financial risk, with the prospect of earning more money by being an independent contractor.
But I don't like this being used to generate a class of working poor that sits many hours in the car, in order to get some rides, earning (on average) much less pr. hour than the minimum wage.
No... The halting problem is the problem of defining if a program would ever finish. In safety critical software you have to prove that the systems 'Worst Case Execution Time' is less that the safe process time. (Google WCET and AbsInt) In this case the program is not coming to a HALT, is is still running a loop time of 100Hz or whatever is generating the overflow.
I have seen this on an industrial control system, where a faulty C++ timer class was used to monitor timeouts on a CAN bus. When the system had been online for a month, all nodes failed simultaneously with communication timeout due to an integer wraparound.
Often timers are also used in conjunction with alarms, e.g. stop the engine if the lubrication pressure is lower than 2 bars for 2 secs. Or disconnect generator power if ground fault current is higher than 500 mA for 1sec. A fault in a timer software block would basically fire all alarms at the same time...
Often a Fail Operational system consists of several fail safe systems in parallel. It is then important that the systems dont have common course faults.
”This AD was prompted by the determination that a Model 787 airplane that has been powered continuously for 248 days can lose all alternating current (AC) electrical power due to the generator control units (GCUs) simultaneously going into failsafe mode”
So the problem is that the same software is running in both GCU's, and they have been powered up at the same time.
A 1 kg helicopter with a rotor spinning at 100m/s is dangerous in the wrong hands. In aviation safety is based on rules, and expensive certificates with rights that can be lost if rules are broken.
The operators conducting the commercial aviation business need to document that they have processes (Quality system) to ensure that they have internal checks and balances, to ensure that people is qualified, and equipment is safe.
The persons responsible for the processes need to have power to change unsafe behavior (Therefore need to refer directly to the CEO), and they need to have training with rights that can be lost if rules are broken.
Drone operators/manufacturers/and maintainers must ensure that:
- They don't endanger other aircraft.
- They don't endanger other people
- They don't invade privacy, and harass people.
I see two problems:
1) How should the high priority/premium flag be controlled ?
The ISP can't know the technical requirements of all services, i.e. they don't know if a certain special designed Machine to Machine communication needs low latency.If the ISP charges low latency, then they would categories certain traffic as latency critical, in order to charge more.
If the software it self can open the connection in a 'premium mode', then applications might do this secretly in order to generate a revenue stream to its developers.
If this have to work, then the one paying the internet bill need to decide if he wants to pay the premium for a given traffic. The one paying is not necessary the one using the computer/tablet, this could be a kid unknowingly to parents approving a 'premium' service.
2) The ISP starts to degrade performance of non-premium trafic.
The argument of the ISP would be that: since a connection is not paying for low latency/high throughput, then we will throttle the connection, even if the infrastructure of the ISP has not reached the limit.
In gliding contests we use IGC GPS loggers.
The IGC logger logs a position and pressure altitude fix every second, and when the fligth has been completed a IGC file is generated and signed with the loggers private key.
The file can then be validated on a PC at any time.
In order to get the logger approved by IGC it has to be tamper proof, typical the private key is stored in battery backed SRAM and opening the sealed box makes it loose it's electronic seal. See http://www.fai.org/gliding/gnss/
Slashdot Mirror
This remind me of the Shell car wash back in the early 2000's, where an iButton fob was used as a prepaid token for a number of car washes.
It was possible to do a 'backup' of a new fob, and 'restore' it again when it was empty.
I highly doubt that there are 'software' on the iButtons, they are basically just another 'small' storage media like a diskette, or a USB flashdrive.
Are the $94 covering:
1) Are they paying a one time fee to unlock the encrypted communication feature.
2) A fee to get special trusted X509 time limited certificates to create trust between the radios.
3) A combination of 1 and 2.
For certificates to be used within an organization having its own chain of trust, getting a certificate from a third-party is less secure than a selfsigned certificate.
His father turns on a laptop. "Now we will register our child,".
Pretty standard.. But why do the parents need to register..
In Denmark the mother is registered during prenatal care, and she also informs the social security number of the expected father.
One of my colleagues girlfriend gave birth to there baby a Sunday night, and they were unmarried.
The midwife registers the childbirth.
One hour later the father got a message from the 'stats amt' where the had to sign for the paternity.
If FBI get their back door as they wish, then they would be able to unlock devices of tourists and business people visiting the USA.
Since USA have not been elected to rule the world, then other governments should have the possibilities.
This would enable china to spy on business phones entering China.
"I can imagine changes to the PHY to stop the "jabbering idiot" problem, but nothing that would prevent the other attacks."
The Bus-off condition they are generating, IS the "jabbering idiot" protection.
I dont see any problem with this as long as the CAN bus is not accessible from the outside.
I can also create an DoS attack on my PC if I short pins on the motherboard.
You don't need an arduino to get CAN nodes to get into bus-off state, just short the two CAN bus signals together a couple of times.
If you have physical access then you can also disable Airbags, and ABS brakes with a sidecutter.
Europeans generally have a higher trust in their own government, than a private cooperation.
We especially do not trust large foreign corporations.
I don't mind paying a little extra for my goods in the short run, if this can prevent large corporations gaining too much power in the long run. (Yes, this might hamper 'competition' for them)
As long as it is a level playing field, European rules in Europe, and US rules in the US.
How would the Americans react if most of their data was spied upon (E-Mail, credit card transactions, corporate trade secrets) by foreign private cooperationâ(TM)s and government agencies in e.g. China/Russia/Europe.
I'm fine with upper middle class professionals trading some financial risk, with the prospect of earning more money by being an independent contractor.
But I don't like this being used to generate a class of working poor that sits many hours in the car, in order to get some rides, earning (on average) much less pr. hour than the minimum wage.
What a profound demonstration of the Halting Problem.
No...
The halting problem is the problem of defining if a program would ever finish.
In safety critical software you have to prove that the systems 'Worst Case Execution Time' is less that the safe process time. (Google WCET and AbsInt)
In this case the program is not coming to a HALT, is is still running a loop time of 100Hz or whatever is generating the overflow.
I have seen this on an industrial control system, where a faulty C++ timer class was used to monitor timeouts on a CAN bus. When the system had been online for a month, all nodes failed simultaneously with communication timeout due to an integer wraparound.
Often timers are also used in conjunction with alarms, e.g. stop the engine if the lubrication pressure is lower than 2 bars for 2 secs.
Or disconnect generator power if ground fault current is higher than 500 mA for 1sec.
A fault in a timer software block would basically fire all alarms at the same time...
Often a Fail Operational system consists of several fail safe systems in parallel.
It is then important that the systems dont have common course faults.
”This AD was prompted by the determination that a Model 787 airplane that has been powered continuously for 248 days can lose all alternating current (AC) electrical power due to the generator control units (GCUs) simultaneously going into failsafe mode”
So the problem is that the same software is running in both GCU's, and they have been powered up at the same time.
A 1 kg helicopter with a rotor spinning at 100m/s is dangerous in the wrong hands. In aviation safety is based on rules, and expensive certificates with rights that can be lost if rules are broken. The operators conducting the commercial aviation business need to document that they have processes (Quality system) to ensure that they have internal checks and balances, to ensure that people is qualified, and equipment is safe. The persons responsible for the processes need to have power to change unsafe behavior (Therefore need to refer directly to the CEO), and they need to have training with rights that can be lost if rules are broken. Drone operators/manufacturers/and maintainers must ensure that: - They don't endanger other aircraft. - They don't endanger other people - They don't invade privacy, and harass people.
I see two problems: 1) How should the high priority/premium flag be controlled ? The ISP can't know the technical requirements of all services, i.e. they don't know if a certain special designed Machine to Machine communication needs low latency.If the ISP charges low latency, then they would categories certain traffic as latency critical, in order to charge more. If the software it self can open the connection in a 'premium mode', then applications might do this secretly in order to generate a revenue stream to its developers. If this have to work, then the one paying the internet bill need to decide if he wants to pay the premium for a given traffic. The one paying is not necessary the one using the computer/tablet, this could be a kid unknowingly to parents approving a 'premium' service. 2) The ISP starts to degrade performance of non-premium trafic. The argument of the ISP would be that: since a connection is not paying for low latency/high throughput, then we will throttle the connection, even if the infrastructure of the ISP has not reached the limit.
Pretty standard stuf: See http://www.fai.org/gliding/gnss/ and http://www.fai.org/gliding/system/files/tech_spec_gnss.pdf
In gliding contests we use IGC GPS loggers. The IGC logger logs a position and pressure altitude fix every second, and when the fligth has been completed a IGC file is generated and signed with the loggers private key. The file can then be validated on a PC at any time. In order to get the logger approved by IGC it has to be tamper proof, typical the private key is stored in battery backed SRAM and opening the sealed box makes it loose it's electronic seal. See http://www.fai.org/gliding/gnss/