Weekly breakdown – 22w37d3

Security

https://darknetdiaries.com/episode/115/

Listen to the podcast episode and mentally replace every mention of games with, say, cars.
It should raise a lot of eyebrows.

It is really not hard to imagine a black market for all kinds of:

  • Standard: enabling features
    Examples: BMW’s subscription for smarter headlights, or Tesla’s rear seat heaters.
  • Scarier: disabling features
    The usual theft protection, but also the removal of safety limitations: speed limiters, alcohol interlocks, hands-off-steering detection, etc.
    Even now you can buy a speed-limiter removal for the most expensive electric bikes with top-of-the-line security features, taking them from the 25 km/h limit to over 40 km/h, where the only limit left is battery capacity.

All of this already exists, but at the moment it is not a very scalable business.
To ‘pimp up’ a current-generation car you need to go to a ‘guy’ or a shady shop to have the changes made.

But cars are becoming ‘smarter’. Over-the-air updates and all the fancy new features allow changes to be made remotely, from any part of the world.

And there lies a huge black-market opportunity for finding bugs and loopholes, because no software or protection is perfect.
Just check the yearly Android bug list and its severity ratings, even though Android is owned and developed by the all-mighty Google.

If there is a sprawling market for cheats in $50 games, imagine the opportunity for ‘cheats’ in a $50,000+ car.

It is not hard to imagine a 100% online subscription service that delivers all kinds of unofficial ‘improvements’, applied automatically to your car.

Thanks go to Patrik Thunström for sharing this podcast gem and the fun discussion 🙂

Programming

https://calebhearth.com/fan-out-vs-fan-in

Another way to look at code complexity and how to prevent it, both during design and in a refactor.

As with everything, it should not be followed blindly, as the original complexity can simply move into ever-evolving wrapper classes.
See the Law of Demeter for more on that.
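As an added example (not code from the linked post), here is a small script that computes fan-out (how many other modules a module imports) and fan-in (how many modules import it) over a constructed set of module sources using Python's ast module. The module names, sources and the Henry-Kafura style score are all assumptions made for the illustration. It shows the wrapper-class caveat above in numbers: from the caller's point of view the facade has a fan-out of 1, but the facade itself carries a fan-out of 3, so the complexity has moved rather than disappeared.

```python
"""Fan-in / fan-out over a constructed module graph (added example)."""
import ast
from collections import defaultdict

# Constructed sample code base (assumption, not a real project): an app
# that talks only to a 'facade' wrapper, which in turn pulls in the rest.
SAMPLE_MODULES = {
    "app": "import facade\n\ndef run():\n    facade.load()\n    facade.save()\n",
    "facade": (
        "import db\nimport cache\nimport net\n\n"
        "def load():\n    return cache.get() or db.read()\n\n"
        "def save():\n    net.post(db.read())\n"
    ),
    "db": "def read():\n    return 1\n",
    "cache": "import db\n\ndef get():\n    return db.read()\n",
    "net": "def post(x):\n    return x\n",
}


def imported_modules(source):
    """Return the set of top-level module names imported by `source`."""
    tree = ast.parse(source)
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.module:
            names.add(node.module.split(".")[0])
    return names


def fan_metrics(modules):
    """Map each module to (fan_out, fan_in), counting only modules in `modules`."""
    fan_out = {}
    fan_in = defaultdict(int)
    for name, src in modules.items():
        # Ignore stdlib/third-party imports and self-imports.
        deps = imported_modules(src) & (set(modules) - {name})
        fan_out[name] = len(deps)
        for dep in deps:
            fan_in[dep] += 1
    return {m: (fan_out[m], fan_in[m]) for m in modules}


def structural_complexity(modules):
    """Henry-Kafura style score per module: (fan_in * fan_out) ** 2 (length term omitted)."""
    return {m: (fi * fo) ** 2 for m, (fo, fi) in fan_metrics(modules).items()}


if __name__ == "__main__":
    for mod, (fo, fi) in fan_metrics(SAMPLE_MODULES).items():
        print(f"{mod:8s} fan-out={fo} fan-in={fi}")
    print(structural_complexity(SAMPLE_MODULES))
```

Running it shows app with fan-out 1, facade with fan-out 3 and db with fan-in 2: refactoring callers to go through the wrapper lowers their numbers, but the wrapper inherits the coupling and becomes the module that every change touches.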

Big tech monopoly

https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

One more take on how big tech companies have taken over the internet from its original intent.
If you have ever found legitimate mail suddenly landing in the spam folder of your free mail service, or not delivered at all, this is the primary reason.

Old but gold: When the product is free, you are the product.

Fun

https://github.com/IdreesInc/Minecraft-Font

For the ones with kids, or who feel like one 🙂

Fragile Manifesto

Go-to manifesto, more often than not 🙂

Weekly breakdown – 22w24d3

Automotive

https://fortune.com/2022/06/10/elon-musk-tesla-nhtsa-investigation-traffic-safety-autonomous-fsd-fatal-probe

The more cars Tesla sells, the more issues will be found, and not just technical ones.

It is hard to escape the law of large numbers and the Gaussian bell curve, especially the more an organization grows.

And the quote below paints a potentially damning picture of how the ‘Autopilot’ functionality handles itself in accident situations.

(really short rant ahead)

In general terms I consider Elon Musk a quite smart guy with extremely good sales and marketing talent.

But sales usually means selling features that are not (yet) there and/or overblowing the capability of existing functionality.

Just look at the naming of the ‘Autopilot’ feature of Tesla cars, which in reality is level 2 autonomy.
If you check the definition of level 2 autonomy, ‘Autopilot’ is in no way autonomous, as the ‘auto’ in the name strongly suggests.

Heck, Tesla has already been surpassed by Mercedes and Honda, with limited but legally approved level 3 automation modes, where the car manufacturer is actually responsible in case of an accident while the mode is enabled and in command.

Old-school car manufacturer juggernauts are slow (some will crash and burn), but they will eventually catch up and overwhelm Tesla unless it comes up with something radical, and so far nothing has been announced.
And even if it were, Musk is famous for over-promising and under-delivering, as those who follow him know.

And the famous Tesla bots will not be able to help with that.

But I have been wrong before, and it will be fun to watch 🙂

Fun

https://www.tomshardware.com/news/working-lego-computer-brick

Make your own fully functioning Lego computer brick 🙂

Weekly breakdown – 22w22d3

Security

https://kenkantzer.com/learnings-from-5-years-of-tech-startup-code-audits/
Highly distilled and valuable knowledge about security and securing software, from first-person audit experience.
Anyone interested in improving security (and everyone should be) should at least glance through it.

https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results
Notable results:

Sandbox escape on the Tesla Model 3 infotainment system – important because a significant amount of car information is consumed, and also produced, by the infotainment system, so a compromise there can possibly lead to a much more significant compromise of the safety-relevant components of the car.

Sandbox escape on Microsoft Teams – important due to the enormous presence of Teams in a wide variety of companies, thanks to the free(ish) model included in the Office suite.

https://www.feistyduck.com/bulletproof-tls-newsletter/issue_89_certificate_transparency_data_is_used_to_compromise_wordpress_before_installation
How a security improvement can have not-so-good side effects when you set up a standard WordPress (or other web app) installation: Certificate Transparency logs publish every newly issued certificate, so anyone watching the logs learns about a fresh hostname before its WordPress install has been completed and can finish the setup themselves. Finish (or lock down) the installer before requesting the certificate.

https://www.lightbluetouchpaper.org/2022/01/19/security-engineering-course/
https://www.lightbluetouchpaper.org/2022/03/18/security-course-at-cambridge/
Free, quality lectures going through the fundamentals of security, with a hands-on approach to gaining security experience. Students from a few countries can apply for full, free course access.
The best learning is when you get your hands dirty 🙂

Funny

https://rubenerd.com/git-ignores-gitignore-with-gitignore-in-gitignore/
Sort-of recursion 🙂