Weekly breakdown – 22w37d3

Security

https://darknetdiaries.com/episode/115/

Listen to the podcast episode and replace mentions of games with, e.g., cars.
It should raise a lot of eyebrows.

It is really not hard to imagine a black market for all kinds of:

  • Standard: Enabling features
    For example, BMW’s subscription for smarter headlights, or Tesla’s back seat warmers.
  • Scarier: Disabling features
    Usual theft protection, but also removing any safety limitations, like speed limit, alcohol checks, hands-off-steer check, etc.
    Even now you can buy a speed-limit-disabling feature for even the most expensive electric bikes with top-of-the-line security features, which allows you to go from the limit of 25 km/h to over 40 km/h, where the only limit is the battery capacity.

All of this already exists, but at the moment it is not the most scalable business.
To ‘pimp-up’ your current generation cars, you would need to go to a ‘guy’ or a shady shop to make changes.

But cars are becoming ‘smarter’. Over-the-air updates and all the new fancy features allow you to make changes remotely from any part of the world.

And there lies a huge black-market opportunity for finding bugs and loopholes, as no software or protection is perfect.
Just check the yearly Android bug list and the severity of its entries, even though it is owned and developed by the almighty Google.

If there is a sprawling market for cheats for $50 games, imagine the opportunity for ‘cheats’ in a $50,000+ car.

It is not hard to imagine a 100% online subscription service that will allow you to receive all kinds of unofficial ‘improvements’ applied automatically to your car.

Thanks go to Patrik Thunström for sharing this podcast gem and the fun discussion 🙂

Programming

https://calebhearth.com/fan-out-vs-fan-in

Another way to look at code complexity and how to prevent it during design or refactoring.

As with everything, it should not be followed blindly, as the original complexity could end up moving into ever-evolving wrapper classes.
Check the Law of Demeter for more information.

Big tech monopoly

https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

One more take on how big tech companies have taken over the internet from its original intent.
If you have ever found legitimate mail suddenly ending up in the spam folder of your free mail service, or not delivered at all, this is the primary reason.

Old but gold: When the product is free, you are the product.

Fun

https://github.com/IdreesInc/Minecraft-Font

For those with kids, or who feel like one 🙂

Fragile Manifesto

Go-to manifesto, more often than not 🙂

Weekly breakdown – 22w36d2

Programming

https://utcc.utoronto.ca/~cks/space/blog/programming/CAPIsEffectsOfMalloc

An important reminder for anyone writing C APIs and for those learning to use them.
It is also a major source of security and stability issues when not handled correctly.
As a helpful guide when writing complex C APIs:

  • Explicitly define ownership of handled memory AND memory lifetime in the API documentation
  • Always sanitize the input parameters to the API and check them for correctness
  • Provide at least one happy-case example and multiple negative examples of using the API before any release
    When writing them, try to ask yourself what you would ask Stack Overflow 🙂
    This will help you understand usage patterns

    Note: The easiest part is to create an API, the hardest is to change it in production.
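
One way to apply the first two points of this guide to a small C API, as an added example that is not taken from the linked article: `label_t`, its four functions and the `LABEL_MAX` limit are hypothetical names chosen for illustration.

```c
/* Hypothetical API for illustration: label_t and LABEL_MAX are made-up names. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define LABEL_MAX 64 /* assumed length limit for this example */
typedef struct label { char *text; size_t len; } label_t;

/* Ownership: `text` is copied and stays owned by the caller. The returned
 * object is owned by the caller and must be released with label_destroy().
 * Returns NULL with errno = EINVAL (NULL, empty, too long) or ENOMEM. */
label_t *label_create(const char *text) {
    if (text == NULL) { errno = EINVAL; return NULL; }
    size_t len = 0;
    while (len <= LABEL_MAX && text[len] != '\0') len++; /* bounded scan */
    if (len == 0 || len > LABEL_MAX) { errno = EINVAL; return NULL; }
    label_t *l = malloc(sizeof *l);
    if (l == NULL) { errno = ENOMEM; return NULL; }
    l->text = malloc(len + 1);
    if (l->text == NULL) { free(l); errno = ENOMEM; return NULL; }
    memcpy(l->text, text, len + 1); /* text[len] is the NUL found above */
    l->len = len;
    return l;
}

/* Lifetime: the returned pointer is borrowed from `l`. It is valid only until
 * label_destroy() is called on that object, and the caller must not free it. */
const char *label_text(const label_t *l) {
    if (l == NULL) { errno = EINVAL; return NULL; }
    return l->text;
}

/* Ownership: writes into the caller-owned `buf`; nothing is allocated.
 * Returns 0, or -1 with errno = EINVAL (bad argument) or ERANGE (buf too small). */
int label_copy(const label_t *l, char *buf, size_t buflen) {
    if (l == NULL || buf == NULL) { errno = EINVAL; return -1; }
    if (buflen < l->len + 1) { errno = ERANGE; return -1; }
    memcpy(buf, l->text, l->len + 1);
    return 0;
}

/* Ownership: takes the object back from the caller, frees it and sets *lp to
 * NULL, so a repeated destroy or a NULL argument is a harmless no-op. */
void label_destroy(label_t **lp) {
    if (lp == NULL || *lp == NULL) return;
    free((*lp)->text);
    free(*lp);
    *lp = NULL;
}
```

The negative examples to ship with such an API are the NULL, empty and over-long inputs to `label_create()`, an undersized buffer passed to `label_copy()`, and a second `label_destroy()` on the same handle.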

https://thephd.dev/c23-is-coming-here-is-what-is-on-the-menu

Finally, the C language is getting a proper modern ‘face-lift’ that will potentially alleviate a bunch of manual work and increase the quality of written code.
Let’s see if it fizzles out or gains traction (looking at you, compiler vendors 😉 ).

https://docs.google.com/document/d/16B36r0HksR0LqQAGLA1syYCtZvYaVC0hEF2D00ZAd0o/view#

Highly informative document for anyone switching between C and C++, covering the pitfalls of carrying the same or similar approaches from one language into the other.

https://luckyresistor.me/knowledge/learn-cpp/

For anyone interested in learning C++, with a focus on usage in embedded environments.
Good comments, especially on the related constraints and best practices for embedded implementation.

Fun

https://matthewbilyeu.com/blog/2022-09-01/responding-to-recruiter-emails-with-gpt-3

Fun use of GPT-3 to automate ‘handling’ of recruiter messaging 🙂